Security and Data Protection

At Philterd, we recognize that entrusting a third-party service with sensitive document redaction is a significant decision that requires a high degree of trust. Security is not just a feature of Philterd Data Services; it is the fundamental pillar upon which our entire platform is built. We are committed to maintaining the highest standards of data protection and transparency.

This page provides a detailed overview of the multi-layered security measures and precautions we have implemented to safeguard your data. If you have specific security requirements or further questions, we encourage you to contact our support team. We are always available to discuss our security architecture in greater depth.

Encryption Standards

We utilize robust encryption protocols to ensure your data remains protected both during transmission across the internet and while at rest within our infrastructure.

Encryption in Transit

All interactions with the Philterd Data Services platform, including our web dashboard and our REST API, are conducted exclusively over secure, encrypted connections using Transport Layer Security (TLS/SSL). (This is indicated by the https prefix in our URLs.) This ensures that all data transmitted between your local environment and our servers - including login credentials, redaction policies, sensitive documents, and metadata - s protected from interception or tampering.

Encryption at Rest

Once your data reaches our environment, it is immediately encrypted before being stored. We utilize industry-standard AES-256 encryption for all data at rest. Note that in some cases, we do not store your uploaded documents after they have been processed.

Each Philterd Data Services account is provisioned with its own unique encryption keys. This ensures cryptographic isolation between different users' data.

For organizations with strict security requirements, Philterd Data Services supports Bring Your Own Key (BYOK). This allows you to provide your own 256-bit AES encryption key to be used for encrypting your documents and data. For more information, please see our Encryption Keys documentation.

Data Sovereignty and Third-Party Services

A core principle of our security model is maintaining control over the data processing lifecycle. We never transmit your sensitive documents or data to any third-party providers.

All operations - including text extraction, PII/PHI identification, automated redaction, and risk assessments - are performed exclusively on Philterd Data Services' infrastructure.

Unlike other services, Philterd Data Services does not use OpenAI (ChatGPT), Microsoft Azure AI, Google Cloud AI, or any other third-party AI/LLM services for document processing. All machine learning models used by our platform are developed and hosted in-house by Philterd.

Benefits of Our Approach

By eliminating external dependencies, we provide our users with:

Enhanced Security: Your data never leaves our controlled environment.
Greater Privacy: No third-party provider has the opportunity to see or store your sensitive information.
Reduced Risk: You are not subject to the privacy policies or security vulnerabilities of external AI providers.

Account and Access Security

Protecting access to your Philterd Data Services account is critical to the overall security of your data. We provide several enterprise-grade features to help you manage and secure your account.

MFA

Multi-Factor Authentication (MFA) adds an extra layer of security to your account. Philterd Data Services requires MFA for all account logins. We offer two MFA options:

Email: A unique verification code is automatically generated and sent to your registered email address upon login. You must provide this time-sensitive code to successfully complete the authentication process.
Code Generator: You can use a code generator app (such as Google Authenticator, Authy, or Microsoft Authenticator) to generate time-sensitive verification codes. To use this option, you scan a QR code within the dashboard to link your account to your preferred authenticator app.

If you are unable to complete the MFA challenge during login, please refer to our account recovery documentation for detailed troubleshooting steps and support options.

API Security and IP Whitelisting

For users integrating with our platform programmatically, we offer advanced controls to secure API access.

IP Address Restrictions: You can restrict API access to specific, authorized IP addresses or CIDR ranges.
Enforcement: Even if an API key is accidentally exposed, it will be rendered useless if the request originates from an unauthorized network location.

Session Management and Security Auditing

Session Expiration: Active user sessions are continuously monitored and are configured to expire automatically after a defined period of inactivity. This mitigates the risk of unauthorized access if a workstation is left unattended.
Comprehensive Audit Logging: We maintain detailed audit logs of all security-significant events within your account. This includes successful and failed login attempts, changes to security settings, and API key management activities. These logs are vital for monitoring suspicious activity and maintaining a clear trail of administrative actions.

Compliance and Regulatory Standards

Philterd Data Services is engineered from the ground up to help our customers meet their regulatory and compliance obligations. Our platform and internal processes are designed to align with major international and industry-specific standards, including:

HIPAA (Health Insurance Portability and Accountability Act): Specifically designed to protect the privacy and security of PHI. We provide a Business Associate Agreement (BAA) for customers who process PHI on our platform.
GDPR (General Data Protection Regulation): Adhering to strict standards for the protection of personal data of individuals within the EU.
CCPA/CPRA (California Consumer Privacy Act): Ensuring compliance with data privacy rights for California residents.