Tundra Space

Tundra Space Trust Center

Tundra Space protects clinical research data with HIPAA safeguards, encrypted infrastructure, private AI processing, and BAAs for organizations that submit PHI. Customer data is not used to train AI models.

Compliance

HIPAA Safeguards: Implemented

BAA for PHI Workflows: Available

Privacy-Forward AI: No training use

Encrypted Data: At rest and in transit

SOC 2 Type II: Planned

Controls

Tundra Space has implemented 0 security controls across 6 categories.

AI data privacy

No model training on customer data

User-submitted data, including prompts, uploaded documents, proprietary content, PHI, and AI outputs, is not used to train AI models.

Zero data retention model posture

AI providers are configured for zero data retention or equivalent no-retention processing where supported.

BAA required before PHI AI use

Organizations must execute a BAA with Tundra before submitting PHI to Regulatory AI or uploading PHI-bearing documents.

Security and stability telemetry only

Telemetry and analytics are limited to security, reliability, and stability signals. User-submitted data, including PHI, proprietary documents, prompts, and AI outputs, is private and not used for telemetry or analytics.

Access control

Unique user identification

Every user has a unique UUID. No shared accounts.

Role-based access control

Four-tier RBAC: owner, site_admin, admin, member.

Multi-factor authentication

TOTP-based 2FA via authenticator apps with backup codes.

Automatic session logoff

15-minute idle timeout with client-side warning.

Session revocation on password reset

All active sessions are invalidated when a password is changed.

Cryptographic protections

Encryption at rest (AES-256)

Database and object storage are encrypted via PlanetScale and AWS S3.

Encryption in transit (TLS 1.2+)

All connections enforce TLS. WebSockets use WSS.

Password hashing (bcrypt)

Passwords are salted and hashed. Plaintext is never stored.

Secure cookie attributes

HttpOnly, Secure, SameSite flags on all session cookies.

Audit and monitoring

Structured audit logging

All access events logged as structured JSON to CloudWatch.

6-year log retention

CloudWatch log groups configured for HIPAA-compliant retention.

Authentication event tracking

Sign-in, sign-out, failures, 2FA events, and password changes.

Document access audit trail

Database-level audit log for all document CRUD operations.

Business continuity

Automated database backups

PlanetScale point-in-time recovery with multi-AZ replication.

Object storage durability

AWS S3 with 99.999999999% (11 nines) durability.

Multi-availability zone deployment

Lambda and database deployed across multiple AZs.

Emergency access procedures

Documented procedures for emergency access with hardware MFA.

Organizational security

Designated Privacy Officer

Single point of responsibility for HIPAA compliance program.

Annual risk assessments

Formal risk analysis using NIST SP 800-30 methodology.

Workforce HIPAA training

Mandatory training within 30 days of hire, annual refresher.

Incident response plan

Documented procedures with 60-day breach notification timeline.

Business Associate Agreements

BAAs executed with all subprocessors that handle PHI.

Resources

Access Tundra Space's security documentation, compliance reports, and policies.

HIPAA Security Policy (Policy)

Risk Assessment (Report)

Incident Response Plan (Policy)

Business Associate Agreement (Agreement)

Employee Training Program (Policy)

Contact security@tundraspace.com to request access to any document.

Subprocessors

Third-party services that process data on our behalf.

| Service | Purpose | BAA |
| --- | --- | --- |
| Amazon Web Services (AWS) | Cloud infrastructure, storage, compute, logging, and AWS Bedrock AI model hosting | Signed |
| PlanetScale | Production database hosting | Signed |
| Postmark | Transactional email (no PHI in emails) | N/A |
| OpenAI | No user-submitted data is sent to OpenAI | N/A |

FAQ

Have security questions?

Reach out to discuss our security practices, request a BAA, or report a vulnerability.

security@tundraspace.com

Last updated March 2026

Reviewed annually