Security & Compliance
Cardinal is built with enterprise-grade security and compliance at its core. We understand that document processing often involves sensitive data, and we've designed our platform to meet the highest security standards.
Security Overview
Documents are encrypted in transit with TLS 1.3 and at rest with AES-256, so your data is protected at every stage of the processing pipeline.
Documents submitted through the API are retained only for as long as processing takes. Once processing is complete and results are delivered, all document data is permanently deleted from our systems within minutes.
Compliance Certifications
Cardinal is HIPAA compliant and can process protected health information (PHI) securely.
- Business Associate Agreements (BAA) available
- PHI encryption and access controls
- Audit logging and monitoring
- Risk assessments and safeguards
Independently audited for security, availability, and confidentiality controls.
- Annual third-party security audits
- Continuous monitoring and testing
- Incident response procedures
- Change management controls
Your documents are never stored on our servers beyond processing time.
- Immediate deletion after processing
- No backup or archival storage
- Temporary processing only
- Audit trail of deletion events
- ISO 27001: information security management system certification
- GDPR: compliance with the EU General Data Protection Regulation
- CCPA: compliance with the California Consumer Privacy Act
- PCI DSS: Payment Card Industry Data Security Standard
- NIST Cybersecurity Framework: implementation of the framework's controls
- FedRAMP: Federal Risk and Authorization Management Program
- FISMA: Federal Information Security Modernization Act
- ITAR: compliance with the International Traffic in Arms Regulations
Data Protection
Data in Transit
- TLS 1.3 encryption for all API calls
- Perfect Forward Secrecy (PFS)
- Certificate pinning
- HSTS enforcement
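The guarantees above are only as strong as the client that connects. The following is an added example, not Cardinal's own code or SDK: a stdlib-only Python client that refuses anything below TLS 1.3 (which also guarantees forward secrecy, since every TLS 1.3 cipher suite uses ephemeral key exchange), pins the server certificate, and checks that the HSTS header is actually enforcing. The host name `api.example.invalid`, the pin value and the sample DER bytes are assumptions or constructed inputs; the real host and pins would come from the vendor's security documentation.

```python
"""Client-side checks for TLS 1.3, certificate pinning and HSTS.

Added example, not vendor code. API_HOST, EXPECTED_PIN and SAMPLE_DER are
hypothetical / constructed values.
"""
import base64
import hashlib
import http.client
import ssl
from dataclasses import dataclass
from typing import Iterable, Optional

API_HOST = "api.example.invalid"                 # hypothetical host
EXPECTED_PIN = "sha256/REPLACE_WITH_PUBLISHED_PIN="  # hypothetical pin
SAMPLE_DER = b"\x30\x82\x01\x00constructed-not-a-real-certificate"  # constructed


def make_client_context() -> ssl.SSLContext:
    """Context that refuses anything older than TLS 1.3 and keeps the default
    hostname and chain verification on. TLS 1.3 suites are all AEAD with
    (EC)DHE key exchange, so the version floor also enforces forward secrecy."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def cert_pin(der_cert: bytes) -> str:
    """Pin string in the usual 'sha256/<base64 digest>' form over the DER cert.
    Pinning the leaf cert means the pin set must be updated on renewal; pinning
    the SPKI instead survives renewals that keep the key."""
    return "sha256/" + base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, expected_pins: Iterable[str]) -> bool:
    """Accept the certificate only if its pin is in the expected set. Ship at
    least two pins (current plus backup) so rotation does not lock clients out."""
    return cert_pin(der_cert) in set(expected_pins)


@dataclass
class Hsts:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: Optional[str]) -> Optional[Hsts]:
    """Parse a Strict-Transport-Security header. Returns None if the header
    is absent or lacks a valid max-age, which browsers would ignore."""
    if not header:
        return None
    max_age = None
    include_sub = preload = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return Hsts(max_age, include_sub, preload)


def hsts_is_enforcing(h: Optional[Hsts], min_age: int = 15552000) -> bool:
    """Treat HSTS as enforced only with max-age of at least ~180 days; a tiny
    max-age exists on paper but offers almost no downgrade protection."""
    return h is not None and h.max_age >= min_age


def check_endpoint(host: str = API_HOST,
                   expected_pins: Iterable[str] = (EXPECTED_PIN,)) -> Optional[Hsts]:
    """Connect, verify negotiated version and pin, then fetch the HSTS header.
    This makes a network call and is not exercised offline."""
    conn = http.client.HTTPSConnection(host, 443, context=make_client_context(), timeout=10)
    conn.connect()
    tls = conn.sock  # the wrapped SSLSocket
    if tls.version() != "TLSv1.3":
        raise ssl.SSLError(f"negotiated {tls.version()}, expected TLSv1.3")
    if not pin_matches(tls.getpeercert(binary_form=True), expected_pins):
        raise ssl.SSLError("server certificate does not match any pinned value")
    conn.request("HEAD", "/")
    resp = conn.getresponse()
    hsts = parse_hsts(resp.getheader("Strict-Transport-Security"))
    conn.close()
    return hsts


if __name__ == "__main__":
    print(cert_pin(SAMPLE_DER))
    print(parse_hsts("max-age=31536000; includeSubDomains; preload"))
```

Run `check_endpoint()` against the real API host with the vendor-published pins; a downgrade to TLS 1.2, an unexpected certificate, or a missing or short-lived HSTS header each fails loudly instead of silently weakening the connection.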
Data at Rest
- AES-256 encryption
- Hardware security modules (HSM)
- Key rotation and management
- Encrypted database storage
1. Upload & Encryption: the document is encrypted in transit during upload using TLS 1.3.
2. Processing: OCR runs in isolated, encrypted containers.
3. Results Delivery: results are returned over the same TLS 1.3 API connection.
4. Immediate Deletion: all document data is permanently deleted within 5 minutes.
Infrastructure Security
- Multi-region deployment with failover
- Auto-scaling and load balancing
- Network segmentation and firewalls
- DDoS protection and rate limiting
- 24/7 infrastructure monitoring
- Real-time threat detection
- Automated incident response
- Vulnerability scanning and patching
- Security information and event management (SIEM)
- Penetration testing and security audits
Access Controls
Authentication
- Multi-factor authentication (MFA)
- Single sign-on (SSO) integration
- API key management and rotation
- OAuth 2.0 and OpenID Connect
Authorization
- Role-based access control (RBAC)
- Principle of least privilege
- Resource-level permissions
- Audit logging and access reviews
Need More Information?
For detailed security documentation, compliance reports, or to discuss specific security requirements for your organization, contact our security team.