Security & compliance
Compliance is the floor, not the feature.
Rebrief handles protected health information for dental practices. That responsibility shapes the architecture, not just the paperwork.
Compliance
Four frameworks, one posture
SOC 2
Security, availability, and confidentiality controls, independently examined.
HIPAA
Safeguards for protected health information, with business associate agreements for every practice.
GDPR
Data subject rights, data minimization, and EU processing requirements honored.
PIPEDA
Canadian privacy principles for consent, access, and safeguarding upheld.
Data handling
How patient data is handled
Encrypted, everywhere
Data is encrypted in transit and at rest. There is no configuration in which it is not.
Isolated per clinic
Each practice's data lives in its own isolation boundary. One clinic's records never mingle with another's.
Never trained on
Customer data is not used to train models. Your records improve your practice, not our weights.
Access
Access, controlled and logged
Single sign-on
Authenticate through your identity provider; access ends where employment does.
Role-based permissions
Access mirrors the practice: clinical, front desk, and billing see what their role requires.
Audit trails
Every read and write is logged and attributable — the same standard we hold your notes to.
The Bridge
The Bridge runs on-premise
The Bridge — the component that operates your practice management system — runs on-premise, inside the practice. It works with your PMS locally rather than shipping your database anywhere else.
PHI never persists in cleartext, and nothing leaves the building that the job did not require. The most sensitive path in the system is also the shortest one.
Responsible disclosure
Found something? We want to know
If you believe you have found a security issue in any Rebrief product, write to security@rebrief.ai. We respond quickly, keep you informed, and credit researchers who disclose responsibly.
Bring your compliance questions — we answer them live.