Vault.Dental Trust & Security Center
For DentalGPT, SmileScribe, and all HIPAA-sensitive AI models within Patient Vault
Introduction
Vault.Dental (Patient Vault) is dedicated to providing dental professionals with secure, compliant, and reliable AI-powered solutions. Our platform—including DentalGPT, SmileScribe, and all HIPAA-sensitive models—is built on Stack AI's enterprise-grade infrastructure, ensuring robust security, privacy, and regulatory compliance for every workflow and every customer.
Our Security & Compliance Framework
Infrastructure & Certifications
Powered by Stack AI
All core hosting, AI compute, storage, and backend operations for Vault.Dental products are performed exclusively within Stack AI's certified environments. We do not self-host or operate our own datacenters.
Stack AI Certifications:
  • SOC 2 Type II attestation
  • HIPAA-audited and Secureframe validated
  • Annual third-party penetration testing
  • Continuous monitoring and independent oversight
Regulatory Compliance
HIPAA & HITECH
Vault.Dental is architected for full HIPAA and HITECH compliance, inheriting technical, physical, and administrative safeguards from Stack AI.
  • Business Associate Agreements (BAAs) are executed with Stack AI and with each customer practice during onboarding.
  • Ongoing compliance reviews, staff training, and policy updates ensure alignment with all regulatory requirements.
SOC 2 Type II
All SOC 2 Type II controls, monitoring, and annual audits are maintained by Stack AI. Vault.Dental policies and agreements are aligned with these frameworks.
Data Processing Agreements
A Data Processing Agreement (DPA) is available to all enterprise customers, detailing roles, responsibilities, and data handling procedures.
Data Protection & Technical Security
Hosting & Data Processing
  • All AI processing, data storage, and workflow orchestration are performed within Stack AI's HIPAA-audited, SOC 2-certified U.S. data centers.
  • Production, development, and testing environments are strictly segregated.
  • No customer or PHI data is ever processed or stored outside Stack AI's secure U.S. infrastructure.
Data Residency
  • All production data and backups remain within Stack AI's U.S. infrastructure to support HIPAA and regulatory requirements.
Encryption
  • In Transit: All data exchanged with Vault.Dental is encrypted via TLS (HTTPS).
  • At Rest: All data at rest is encrypted using industry standards (AES-256 or higher).
  • Key Management: Encryption keys are managed by Stack AI's enterprise-grade key management system.
Data Retention, Deletion & Portability
  • Data is retained only as long as necessary to deliver contracted services.
  • Customer data is deleted upon request or contract termination, following certified, auditable procedures.
  • Data export/portability options are available upon request.
De-Identification & Analytics
  • All analytics, QA, and product improvement activities use only de-identified or aggregated data—never live PHI.
  • No data is ever sold or shared for third-party marketing or external AI training.
Access Control, Authentication & Audit
  • User Access: All users are assigned access based on the principle of least privilege, using granular role-based access controls (RBAC).
  • RepX Staff Access: Limited to authorized, security-trained personnel for support or compliance purposes only.
  • Stack AI Access: Stack AI acts solely as a subprocessor and does not access PHI except as required for infrastructure support.
  • Authentication: Multi-factor authentication (MFA) is required for all administrative and privileged accounts.
  • SSO: Single Sign-On (SSO) integrations are supported for enterprise clients.
  • Logging & Monitoring: All access to PHI and administrative functions is logged and retained in Stack AI's audit systems. Regular audits are performed.
Network Security, Testing & Resilience
  • Network Security: Advanced firewalls, network segmentation, and continuous vulnerability scanning protect all infrastructure.
  • Software Updates: All components and dependencies are monitored and patched promptly.
  • Penetration Testing: Annual third-party penetration tests are performed on all core infrastructure. Executive summaries are available under NDA.
  • Backup & Disaster Recovery: Encrypted, geographically redundant backups are performed regularly. Disaster recovery plans are tested to ensure rapid restoration and business continuity.
  • Business Continuity: Our business continuity strategy targets rapid recovery (RTO/RPO details available upon request).
Employee & Vendor Security
  • Vault.Dental Team: All employees undergo background checks, sign confidentiality agreements, and complete HIPAA/security training prior to system access (refreshed annually). All endpoint devices are encrypted and protected.
  • Vendor Management: No vendors or subprocessors, other than Stack AI and BAA-covered service providers, have access to PHI or core platform data. A current list of subprocessors is published [here] (or available on request). Customers are notified of any changes.
Privacy Rights & Data Subject Requests
Vault.Dental supports the privacy rights of all users and patients, including those under state-specific laws (e.g., CCPA/CPRA).
  • Individuals may request access, correction, or deletion of their data by contacting privacy@patientvault.ai.
  • Requests are processed in accordance with applicable law and contractual requirements.
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities.
  • Security researchers and customers may report vulnerabilities to security@patientvault.ai.
  • All reports are reviewed promptly and handled according to our responsible disclosure policy.
Incident Response & Breach Notification
  • Incident Response: Vault.Dental maintains a formal, regularly tested Incident Response Plan. All incidents involving PHI or regulated data are investigated, documented, and reported as required by law.
  • Breach Notification: In the event of a PHI breach, affected customers and authorities are notified promptly in accordance with HIPAA and contractual requirements. Initial response within 24 hours; notification within HIPAA-mandated timelines.
Supporting Services
  • Google Workspace: Used only for specific, limited supporting functions (e.g., secure email, file handling) and covered by a signed BAA. No core services, application hosting, or PHI storage are performed within Google Cloud or other third-party clouds.
Security Awareness & Culture
Security is a core value at Vault.Dental.
  • Executive leadership is directly involved in security oversight.
  • All staff receive ongoing security and privacy training.
  • We foster a culture of continuous improvement and proactive risk management.
Policy Documentation & Requests
The following documentation is available upon request (NDA as needed):
  • Business Associate Agreement (BAA)
  • Data Processing Agreement (DPA)
  • Security & Privacy Whitepaper
  • Encryption Policy
  • Penetration Test Executive Summary
  • Access Control Policy
  • Subprocessor List
Frequently Asked Questions (FAQ)
Is Vault.Dental HIPAA-compliant?
Yes. All hosting, compute, and storage take place within Stack AI's HIPAA-audited, SOC 2 Type II certified environments. Our policies and customer agreements align with these frameworks.
Where is my data hosted and processed?
All platform operations, including PHI storage and AI processing, are performed exclusively on Stack AI's U.S.-based, certified infrastructure.
Can I get a copy of your BAA, DPA, or latest security test?
Yes—simply email practices@patientvault.ai and our compliance team will respond promptly.
Who can access my data?
Only authorized users within your practice, and a limited number of security-cleared Vault.Dental staff (for operational support), can access PHI. All access is logged and auditable within Stack AI's environment.
How do you handle disaster recovery?
All data is securely backed up and recoverable within Stack AI's U.S.-based infrastructure. Tested disaster recovery plans ensure minimal disruption and data integrity.
What if there's a security incident?
Our Incident Response Plan—aligned with Stack AI's security program—ensures rapid detection, response, and notification.
How can I exercise my privacy rights?
Contact privacy@patientvault.ai to request access, correction, or deletion of your data.
Contact & Support
For security documentation, compliance requests, or due diligence, contact: practices@patientvault.ai
For urgent security issues: security@patientvault.ai
For privacy/data subject requests: privacy@patientvault.ai
About Vault.Dental
Vault.Dental (Patient Vault) empowers dental professionals with secure, trusted, AI-driven solutions—all built on Stack AI's independently validated, enterprise-grade infrastructure.
Last updated: July 21, 2025