Trust CenterFor CISOs, procurement, and counsel

Compliance, engineered into the reasoning substrate.

ChironAI is built for the regulatory realities of healthcare. The pages below document the frameworks we comply with, the controls we operate, the data we never touch, and the disclosures we are deliberate about. Designed to be the one URL a procurement officer can send to their CISO with confidence.

Every Trust Center page is print-friendly. Procurement teams routinely attach these documents to RFP responses.

Four pillars

AB 489 / SB 1120 / AB 3030 / ADMT / HIPAA

Compliance →

Regulatory frameworks ChironAI is engineered around — California AB 489 (AI as decision-support, not clinician), SB 1120 (physician decision authority), AB 3030 (generative AI disclosure), AB 375 CCPA/CPRA Automated Decision-Making Technology, HIPAA-aligned controls, GDPR and UK GDPR posture.

Encryption, audit chain, access control

Security →

256-bit encryption at rest and in transit. Tamper-evident HMAC + previous-hash audit chain. SHA-256 document signature integrity. Fine-grained clinical RBAC. Multi-tenant isolation enforced by tenant ID guards. MFA on staff accounts. SOC 2 audit-ready controls; formal audit pathway evaluation underway.

No customer data in training, by construction

Data handling →

Eve-Genesis (Clinical Edition) is 100% synthetic by construction. No customer data, no patient data, and no protected health information enters our training pipeline — ever, by architectural property. Data residency commitments by region. Retention policies per data class. BAA available for institutional customers.

FDA SaMD posture, audit status, jurisdictional

Disclosures →

Where we are deliberately silent or not yet certified — honest framing rather than overclaim. FDA SaMD pathway evaluation, SOC 2 and ISO 27001 current status, audit firm relationships, jurisdictional disclosures across the operating regions.

The architectural posture

What it means to engineer compliance into the substrate.

The AI reasons; the physician decides.

Every output passes through a must-review-before-final gate. Clinicians review and sign every artifact before it becomes part of the chart. AB 489 compliance is the substrate, not a footnote.

No customer data used for training. By construction.

Eve-Genesis (Clinical Edition), our proprietary training corpus, is 100% synthetic. The architecture cannot leak what is not present. This is an architectural property, not a policy promise.

Every output is auditable.

Tamper-evident HMAC + previous-hash audit chain on every clinical action. SHA-256 signature integrity on every signed document. Versioned, traceable, reviewable end to end.

Structured workflow, not free-form chat.

Free-form interfaces are incompatible with the auditability requirements of regulated industries. ChironAI is structured-workflow by design \u2014 evidence presented openly, reasoning visible at every step, confidence calibrated, every source cited.

A note to the reader

Have a procurement or security question we haven't answered?

Reach our security and compliance team directly. We respond to procurement and security-due-diligence inquiries within two business days.

Start a conversation →