Security & Data Handling

Truth Pattern Labs operates governance and verification middleware and does not store, process, or persist protected health information (PHI).

System Design Principles

All systems are designed with least-privilege access, fail-closed execution controls, and immutable audit logging. Any interaction with external APIs occurs behind authenticated access controls and is limited to internal development, testing, and validation workflows.

Data Retention

Truth Pattern Labs does not train models on customer data and does not retain API inputs or outputs beyond transient execution required for governance and verification.

Regulatory Status

Truth Pattern Labs is not a Covered Entity and does not provide healthcare services; we operate as a governance and compliance infrastructure provider supporting organizations subject to HIPAA.