Healthcare-grade infrastructure, from the ground up.
Vitala is designed for real clinical environments — with the privacy, security, and compliance posture that healthcare organizations require.
Where we stand on the frameworks buyers ask about.
The table below reflects our current posture. Specific documentation — BAA, DPA, SOC 2 report, sub-processor list, penetration-test summary — is shared under NDA during partnership review.
| Framework | Scope | Status | Notes |
|---|---|---|---|
| HIPAA | United States | Aligned | BAA available under partnership agreement. |
| GDPR | European Union | Aligned | DPA available under partnership agreement. |
| SOC 2 Type II | Trust Services Criteria | In progress | Report available on request when complete. |
| ISO 27001 | Information Security | In progress | — |
| HITRUST CSF | Healthcare risk framework | On request | Discuss timing during partnership review. |
| CE Mark (MDR) | EU medical device framework | On request | Regulatory classification depends on deployment scope. |
| FDA registration | United States | On request | Regulatory classification depends on deployment scope. |
Vitala does not claim independent certification unless explicitly stated. "Aligned" reflects operational practices; formal audit status is shared during partnership review.
How patient data is protected across the platform.
Data residency
Regional hosting available for EU and US deployments. Discussed per partnership.
Encryption
In transit via TLS and at rest with industry-standard encryption.
Access controls
Role-based access. SSO / SAML available for enterprise deployments on request.
Audit logging
Access and administrative actions are logged for review.
Vendor & sub-processor posture
Sub-processor list, hosting regions, and retention schedule are shared with prospective partners under NDA. Vitala reviews sub-processors before engagement and notifies partners of material changes per agreement terms.
Incident & breach handling
Vitala maintains an incident response process aligned with HIPAA and GDPR breach-notification expectations. Specific SLAs are defined in the partnership and data-processing agreements.
Built for the trust healthcare demands.
Privacy by Design
Patient data handled with healthcare-grade privacy controls.
Encryption in Transit & at Rest
Industry-standard encryption across the platform.
Regulatory Alignment
Aligned with the frameworks healthcare organizations rely on.
Access Controls
Role-based access designed for clinical and operational use.
Resilient Infrastructure
Cloud infrastructure built for uptime and continuity.
Documentation Support
Provider-aligned records that fit into real clinical workflows.
More evidence
Build with confidence on Vitala.
Partner with Vitala to bring Exercise as Medicine to your patients — on healthcare-grade infrastructure. Specific compliance documentation shared under NDA.
