Security
Sanolith is designed around private deployment, fail-closed PHI controls, tenant isolation, signed service images, and auditable model access.
Tenant-scoped
Private data boundary
Audit evidence
- Every redaction event and model call is recorded for HIPAA §164.312(b)-aligned audit review.
- Service-to-service traffic is expected to run over mTLS in production deployments.
- API keys and webhook secrets are shown once, copied client-side, and stored server-side only as hashes where supported.
Questions? Email [email protected].
Last updated: 2026-05-06.