Security

Built for healthcare. Secured for trust.

Jengu is designed around HIPAA requirements, uses industry-standard encryption at every layer, and logs security-relevant events in an append-only audit trail. Here is exactly how your data is protected.

How we protect your data

HIPAA design intent

Jengu is built to meet HIPAA requirements and operates under signed Business Associate Agreements with our infrastructure partners. Access controls, audit logging, and minimum-necessary data use are built into every layer of the system.

Encryption at rest

All documents, account data, and database fields are encrypted at rest using AES-256 - the same standard used by financial institutions and healthcare enterprises.

Encryption in transit

All data transmitted between your browser and Jengu's servers is protected by TLS 1.3. Connections to AI processing and infrastructure partners use encrypted channels.

Audit logging

Security-relevant events - including letter generation and outbound fax - are recorded in an append-only audit log. Logs are stored server-side and cannot be modified by client code.

Row-level security

Every document and record in Jengu is scoped to your user account through database-level row security policies. Other users cannot access your data even if they share the same platform.

No production source maps

Production JavaScript builds do not include source maps. Sensitive logic and infrastructure details are not exposed in the browser.

What we never do

These are standing commitments, not fine print.

  • Sell your health data or personal information to any third party
  • Share your documents with advertisers or data brokers
  • Use your PHI for ad targeting or behavioral profiling
  • Access your account data without a valid operational or compliance reason
  • Send your documents to any AI provider beyond what is necessary to generate your analysis

Your rights

Data deletion

You can delete your account and associated documents at any time from Privacy settings. We remove your data from active systems upon a confirmed deletion request.

Data export

You can request an export of the data Jengu holds about you. Export requests are fulfilled manually - contact support@jengu.health.

Access on request

You have the right to request a summary of what information Jengu holds and how it is used. Contact privacy@jengu.health to make a request.

Business Associate Agreements

Jengu is built to meet HIPAA requirements and operates under signed Business Associate Agreements with our infrastructure partners. Organizations that require a BAA with Jengu Health directly can contact us to discuss their compliance needs.

  • BAA available for eligible enterprise customers
  • Security questionnaire support for procurement teams
  • Dedicated contact: security@jengu.health

SOC 2 roadmap

We are aligning our controls with SOC 2 Trust Services Criteria. Formal SOC 2 Type I and Type II reports are on our roadmap as we scale. Until reports are published, we document controls internally and share summaries with enterprise prospects under NDA.

  • Control mapping in progress
  • Annual third-party assessment planned
  • Transparency with customers during onboarding

Reporting a security concern

If you discover a potential security vulnerability or have a concern about how your data is handled, please contact us promptly. We take every report seriously and respond as quickly as possible.

Questions about HIPAA, BAAs, or our security program? Email security@jengu.health or read our HIPAA compliance page.