Legal entity
EMS Ops Hub, Inc.
Delaware C-Corp · 2026
Headquarters
Philadelphia, PA
Remote-first
EIN
On request
Provided to verified vendors / counsel
BAA
Available
Signed at pilot kickoff
Data residency
United States
us-east-1 primary
Insurance
In-binding
Cyber + E&O placements 2026
Security & compliance posture
Updated quarterlyHIPAA-aligned by design
BAAs with infrastructure subprocessors. PHI segregated in dedicated tables, RLS-enforced at the database boundary, audit logs on every read/write of patient data.
SOC 2 Type I roadmap
Targeting Type I attestation within 12 months of pilot launch. Drata/Vanta-grade controls already in place: access reviews, change management, vulnerability scanning, encrypted backups.
Encryption everywhere
TLS 1.2+ in transit. AES-256 at rest. Per-row RLS. Service-role keys never exposed to the client. Secrets rotated via vault.
Auditability
Immutable PHI change log. Decision ledger for AI surfaces. Quarterly access reviews. Customer-exportable audit trails.
Subprocessors
Supabase (Postgres + Auth + Storage), Cloudflare (edge), Mapbox (geocoding), OpenAI / Google (model providers — no PHI sent without redaction). Full list provided under NDA.
Operational continuity
Daily encrypted backups, point-in-time recovery to 7 days, documented incident response runbook, on-call rotation maintained by founding team during pilot.