ZigBuddy
Security & HIPAA

Patient data is sacred.

We built ZigBuddy for home health from day one, which means HIPAA isn't a checkbox we added later — it's a constraint we designed around. Here's how we protect your data and what we won't do with it.

Encrypted everywhere

TLS in transit between every device, browser, and server. Patient data at rest is encrypted by our cloud provider with industry-standard key management.

Authentication

Sign in with Apple, Google, or email. Account access controls live with the platform identity providers — no password databases for us to leak.

AI under tight rein

AI is optional. When you use it, only the data needed to answer your prompt is sent to our AI service provider. We don't allow providers to train on your data.

HIPAA-aligned

Administrative, physical, and technical safeguards consistent with HIPAA. A Business Associate Agreement is available to any Covered Entity or Business Associate that needs one.

Business Associate Agreement

Need a BAA?

If your organization is a Covered Entity or Business Associate under HIPAA and your use of ZigBuddy involves Protected Health Information, your organization needs to sign a Business Associate Agreement with ZigBuddy before submitting PHI.

Send us your organization's name and we'll get you started.

Helpful to include

  • Legal name of your organization
  • Name, title, and email of your signatory

Send us a note

What we don't do

The list is short. We mean it.

  • We don't sell your data.
  • We don't share it with advertisers.
  • We don't let AI companies learn from it.
  • We don't store your data outside the U.S.

What if something goes wrong?

We notify affected customers as required by law and our agreements. If you believe your account is compromised, get in touch — we respond immediately and lock it down.

Security & privacy

Questions about how we handle your data?

Send a note. A real person reads every one.