Compliance Policy
Effective Date: April 17, 2025
HIPAA Studio, operated by Invaluable Labs, Inc., a Delaware corporation founded in 2025, is committed to the highest standards of compliance with HIPAA, GDPR, CCPA, and other applicable regulations. This policy outlines our compliance workflows and commitments.
HIPAA Compliance
- All data is encrypted at rest and in transit using industry-standard protocols.
- Access controls, audit logs, and least-privilege principles are enforced.
- Business Associate Agreements (BAAs) are available for covered entities and business partners.
- Incident response and breach notification workflows are maintained and regularly tested.
- All employees receive HIPAA and security training annually.
GDPR & CCPA Compliance
- Support for data subject access, correction, and deletion requests (DSARs).
- Data processing agreements (DPAs) are available for EU and California customers.
- Cookie consent and opt-out workflows are provided as required by law.
- International data transfers are protected by Standard Contractual Clauses or equivalent safeguards.
Security Workflows
- Regular security audits and penetration testing by independent third parties.
- Continuous monitoring, vulnerability management, and incident response plans.
- Employee background checks and ongoing security training.
Compliance Workflows
- BAA workflow: Contact compliance@hipaastudio.com to request a Business Associate Agreement.
- Breach notification workflow: Users are notified of breaches within the required legal timeframe, and regulatory authorities are informed as required.
- Data subject request workflow: Submit requests for data access, correction, or deletion to privacy@hipaastudio.com. All requests are processed within 30 days.
- Security audit workflow: Annual audits are performed, and summaries are available to customers upon request.
Contact
For compliance questions, contact compliance@hipaastudio.com or write to us by mail at: Invaluable Labs, Inc., 123 Main St, Wilmington, DE 19801, USA.
Policy Updates
We update this policy as regulations evolve. Users will be notified of significant changes via email or in-app notification.