Security

Security is a core requirement of Integrative Medicine AI, not an afterthought. ExtraCortex LLC designs the platform with defense-in-depth: data is protected in transit and at rest, access is least-privilege and role-based, and activity is logged for auditability.

All traffic to our websites and application is encrypted in transit using TLS. Data at rest in our managed databases is encrypted using industry-standard algorithms.

Access to customer environments and data is restricted to authorized personnel on a need-to-know basis. The application enforces role-based access control, and administrative actions are recorded in audit logs. Single sign-on (SSO) and organization-level controls are available for enterprise deployments.

Integrative Medicine AI is designed to support clinical workflows that may involve protected health information (PHI). For customers who require it, we support HIPAA-aligned deployments, including Business Associate Agreements (BAAs) for qualifying plans, and private-cloud or on-premises options.

Our public marketing website is not intended to receive PHI. Please do not submit patient-identifiable information through the demo-request form.

Our infrastructure runs on reputable cloud providers with hardened configurations, network isolation, and regular patching. We monitor for anomalous activity and maintain backup and recovery procedures to support availability and data durability.

We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@extracortex.com with details so we can investigate. We ask that you give us a reasonable opportunity to remediate before any public disclosure, and that testing avoids privacy violations, data destruction, or service disruption.

For security questions, documentation requests, or to report an issue, contact security@extracortex.com.