Enterprise-Grade Security

Security & Compliance

Your data security and privacy are built into everything we do — not bolted on after the fact. Vilulia is built on AWS with enterprise-grade infrastructure, HIPAA-ready architecture, and controls built to SOC 2 standards.

SOC 2 Ready

Controls designed and operating to SOC 2 Trust Services Criteria. Formal attestation in progress.

HIPAA-Ready

Business Associate Agreement (BAA) available for qualifying healthcare mediations.

BAA Available

GDPR-Aligned

EU data protection practices with data processing agreements available.

Security Features

Data Encryption

All data encrypted at rest and in transit with industry-standard protocols

  • Database encryption using AES-256 encryption at rest
  • S3 bucket encryption for all uploaded documents
  • All API calls over HTTPS with TLS 1.3
  • End-to-end encryption for sensitive PHI

Access Controls

Multi-layered security with granular role-based permissions

  • Multi-factor authentication (MFA) available
  • Role-based access control (RBAC) for all users
  • Session management with automatic timeout
  • IP allowlisting for enterprise customers
  • Single Sign-On (SSO) via SAML 2.0 (Enterprise)

Audit Logging

Complete audit trail of all system actions and data access

  • 3-year retention for standard accounts
  • 6-year retention for HIPAA Basic tier
  • 7-year retention for HIPAA Enhanced tier
  • Audit logs protected against tampering
  • Exportable for compliance reporting
  • Real-time alerts for suspicious activities

Infrastructure Security

Enterprise-grade cloud infrastructure with high availability and redundancy

  • AWS cloud infrastructure with 99.9% uptime SLA (99.95% for Enterprise)
  • Daily automated backups with point-in-time recovery
  • Disaster recovery plan with scheduled testing
  • CDN for fast, secure content delivery
  • DDoS protection and web application firewall
  • Multi-availability-zone data redundancy

Compliance & Certifications

Building toward the industry's highest standards

  • SOC 2 Ready — controls built and operating to SOC 2 standards; formal attestation in progress
  • HIPAA-ready infrastructure with BAA available
  • GDPR-aligned data practices with DPAs available
  • Annual third-party penetration testing (scheduled)
  • Automated vulnerability scanning and monitoring
  • Security awareness practices for all team members

Incident Response

Rapid response to security events — automated monitoring with a defined response plan

  • 24/7 automated infrastructure monitoring via AWS CloudWatch
  • Documented incident response plan
  • Breach notification within 24 hours of a confirmed incident
  • Regular review of security procedures
  • Coordinated vulnerability disclosure program

AI Governance & Controls

Enterprise-grade controls over AI infrastructure — prompt customization without model access

  • AI model, provider, and temperature settings are system-controlled only — tenant admins cannot alter underlying AI infrastructure
  • Tenant admins can customize prompt language for jurisdiction-specific or organization-specific needs without affecting AI behavior
  • All AI token usage is metered and billed through existing subscription infrastructure
  • Full audit trail of AI interactions for compliance reporting

HIPAA-Ready Infrastructure

Handle healthcare-related disputes with confidence. If your cases involve medical billing disputes, healthcare mediations, or Protected Health Information (PHI), our HIPAA-ready infrastructure has you covered.

HIPAA Basic

  • Business Associate Agreement (BAA) with electronic signing
  • Encrypted PHI storage (AES-256 at rest, TLS 1.3 in transit)
  • 6-year audit logs with access tracking
  • Compliance dashboard with compliance score
  • Annual risk assessments
  • Medical case type support

HIPAA Enhanced

  • Everything in HIPAA Basic, plus:
  • PHI auto-detection and flagging on document upload
  • Advanced redaction tools with review workflow
  • 7-year audit log retention with integrity verification
  • Breach detection and automated alerts
  • Staff HIPAA training compliance tracking
  • End-to-end encrypted messaging with auto-expiring messages
  • Dedicated compliance support

When do you need HIPAA compliance? If you handle medical billing disputes, healthcare mediations, or any cases involving Protected Health Information (PHI), HIPAA compliance is required. HIPAA Basic provides the compliance infrastructure — encryption, BAA, audit trails, and a compliance dashboard. HIPAA Enhanced adds intelligent PHI auto-detection on every document upload, automated breach monitoring, staff training tracking, and end-to-end encrypted messaging with auto-expiring messages for sensitive communications.

Data Protection & Privacy

We take your privacy seriously and follow industry best practices

What We Collect

  • Account information (name, email, organization)
  • Case data and documents you upload
  • Usage analytics (anonymized)
  • Payment information (via Stripe)

What We Don't Do

  • Never sell your data to third parties
  • Never use your case data to train AI models
  • Never share data without your consent
  • No advertising or tracking pixels

Your Rights

Data Portability

Export your data at any time in standard formats (CSV, JSON)

Right to Deletion

Request complete deletion of your data within 30 days

Data Access

View and download all data we have about you

Opt-Out

Opt out of non-essential data collection anytime

Questions About Security?

Our security team is happy to discuss your specific compliance requirements, provide documentation, or schedule a security review.

Security Disclosure: If you discover a security vulnerability, please contact our security team with "Security Vulnerability" in your message. We have a coordinated disclosure program and will respond within 24 hours.