ClearChartAI is built from the ground up for healthcare-grade security. Every layer — from identity verification to data storage — is designed to protect your health information.
ClearChartAI maintains full HIPAA compliance with Business Associate Agreements (BAA) signed with Google Cloud and all data partners. Your health data is encrypted in transit (TLS 1.3) and at rest. We follow the minimum necessary standard — only accessing the data needed for each specific request.
As a TEFCA-enabled Individual Access Services (IAS) Provider through CommonWell Health Alliance, ClearChartAI can retrieve your medical records from any connected healthcare provider in the United States. This means your health data from hospitals, clinics, and labs is all accessible in one place.
Before accessing any health records, your identity is verified to NIST IAL2 standards through Persona. This involves government-issued ID verification and biometric matching — the same level used by financial institutions. This ensures only you can access your medical data.
ClearChartAI implements a 7-layer Zero Trust architecture: Firebase Authentication, Protected Routes, Multi-step Login with MFA (AAL2), TanStack Query with memory-only cache, explicit auth verification on every API call, JWT token injection, and backend FastAPI validation. No single layer is trusted alone.
All sensitive operations require TOTP-based two-factor authentication compliant with NIST 800-63B AAL2 standards. Your health data cannot be accessed with just a password — a second factor from your authenticator app is always required.
Your health data is yours. ClearChartAI does not sell, share, or monetize patient data. We do not show ads. We do not build profiles. Your medical records exist in your account for your benefit only.
Contact our team at team@clearchartai.io or visit our Privacy Policy for full details.