TheTrustCenter.

HTTPS only with HSTS preload. TLS 1.3 minimum. Cloudflare web application firewall, bot management, and DDoS protection in front of every public property. Content Security Policy locked. Subresource Integrity on third-party assets. CSRF protection and rate limiting at the edge. Quarterly external penetration tests of every gated form. Quantum-ready cryptographic posture on the roadmap for the platform layer.

Data residency is a default. Federated architecture with cross-border exchange under signed receipts. Reversible consent at the patient level. HealthID identity protections that allow verification without record disclosure. No PHI on any public chain, ever.

HIPAA-aligned intake at every public touchpoint. Section 508 conformance for federal engagement. WCAG 2.1 AA at launch with a path to 2.2 AA within six months. GDPR and CCPA cookie posture and data subject request workflow. SOC 2 Type II and FedRAMP postures on the roadmap for hosted platform services.

The Responsible AI policy is published and dated. It includes the model evaluation rubric, the incident disclosure pathway, and the rules of engagement for clinical surfaces. It is reviewed annually and after any material model release. The deep description of how every output is verified is at /platform/thia.