Security Policy
1. Certifications & Compliance
PurpleAI maintains the following active certifications:
- ISO 27001 — Information Security Management System
- ISO 13485 — Medical Device Quality Management System
- GMP — Good Manufacturing Practice
- FDA 510(k) — US Federal regulatory clearance (K240353)
- Korea MFDS — Korean regulatory approval
2. Data Encryption
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. DICOM images are processed within isolated, encrypted compute environments with no persistent storage beyond the analysis session unless explicitly configured by the customer.
3. Cloud Infrastructure
PurpleAI uses cloud-native deployment with no on-premises hardware required. Infrastructure is hosted in SOC 2-compliant data centers with a 99.9% uptime SLA. Multi-region deployment is available for enterprise customers.
4. Access Control
Role-based access control (RBAC), multi-factor authentication (MFA), and audit logging are standard across all deployments. Integration with hospital SSO/LDAP systems is supported.
5. Vulnerability Management
We conduct regular penetration testing, dependency scanning, and security audits. Responsible disclosure inquiries can be directed to purpleai@purple-ai.co.