Security

Kluse is designed with healthcare-grade privacy workflows, role-based access, audit logging, compliance gates, and environment separation.

Kluse uses encrypted transport and platform-level storage protections. Access should be limited to authorized users based on workspace role and operational need.

Patient import and outreach are locked until required onboarding steps are complete, including practice profile, legal acceptance, attestation, subprocessors review, and BAA status where applicable.

Sensitive actions such as legal acceptance, uploads, campaign approval, launch attempts, suppression changes, and data requests are logged in an audit trail. Audit metadata should avoid PHI unless legally reviewed.

Hosting, authentication, payments, communications, AI voice, analytics, and support vendors are listed on the subprocessors page.

Kluse does not claim SOC 2, ISO 27001, HITRUST, or certified HIPAA compliance unless those certifications are actually obtained and reviewed.