Security & Privacy

At Brevi Technologies, we deeply acknowledge that the two most important aspects of Digital Health Business are the quality of the service and the security & privacy of the Healthcare providers and their Patients.
We have implemented Enterprise-Grade Security and constantly work on enhancing security measures.



Brevi Technologies, Inc. is 100% HIPAA compliant and has the SOC2 type-1 Certificate ensuring Healthcare Providers' and their patients' privacy & security and meeting all regulations & requirements.

Notes: we are working on getting a SOC2 type-2 certificate, and Prescient Assurance LLC Auditors are monitoring Brevi Technologies, Inc.

Trust Centers

The Vanta Trust Center is where Brevi's customers and partners can monitor the company's real-time compliance with all SOC2 & HIPAA requirements.


The Safebase Trust Center is a place where Brevi's customers and partners can request/get Security & Data Privacy policies, Cyber Coverage, and SOC2 certificate & HIPAA-compliance attestation reports, confirming the full compliance of the company's services with all regulations.



Cloud Hosting

All data is stored and processed within secure Microsoft Azure data centers. Brevi Technologies is 100% compliant with the Azure "Regulatory Compliance" center for HIPAA/HITRUST and SOC2 requirements, and we constantly monitor all Azure conditions and terms to meet the requirements.

Data Encryption

All the information on Brevi Technologies' database has two layers of encryption and security at rest: 1st is the Microsoft-managed default encryption, and 2nd our custom data encryption. The data is also fully encrypted during the transit using the TSL 1.2 protocol plus additional encryption using RSA-256 with dynamically generated keys. On the mobile application, we use AES-256 in combination with RSA-256.

Multi-Factor Authentication

Brevi Technologies employs an additional layer of security to authenticate anyone, whether our employees or customers. We use default integrated SMS MFA provided by the Azure B2C service.

Limited Access

Brevi Technologies has strong access authorization settings and determines the type and level of access granted to unique users based on the "principle of least privilege." This principle states that users are only granted the necessary level of access to perform their job functions.