Every Row of Data Is a Life
Every row of data is a life whose story deserves to be told with dignity. We are entrusted with data that tells a story about people, often in their most private moments. We are responsible for protecting and securing it against misuse. To meet that commitment, we have made security, privacy, and compliance the foundations of Nuna’s culture, solutions, and operations.
Guiding Principles: Our Approach to Security, Privacy, and Compliance
Privacy by Design
We architect our platform with all aspects of privacy at the core: we treat every person’s data as we would treat our own. Nuna considers privacy both a human right and an ethical value.
Zero Trust Principles
We build and maintain systems that are secure by default, guided by Zero Trust principles. Strong, security-aware engineering practices drive compliance naturally.
A Culture of Security
We foster a security-aware culture backed by effective security mechanisms, continuously evaluating our practices against new and emerging threats.
AI: Applying our Security and Privacy Principles
We believe the power of Artificial Intelligence must be matched by a profound commitment to ethical and responsible oversight. Our AI governance framework is aligned with the NIST AI Risk Management Framework to ensure safety, fairness, and transparency at every stage.
Human-Led Oversight
We establish clear lines of accountability for all decisions made with the assistance of AI. Human oversight is integrated into all sensitive use-cases, ensuring our technology is designed to augment human capabilities, not replace them.
Rigorous Safeguards and Testing
We conduct comprehensive safety testing and risk assessments before deploying any AI system. This includes annual, independent security reviews and vulnerability assessments of our AI models and infrastructure to identify and remediate potential risks.
Privacy in Model Architecture
We build our AI systems with privacy as a foundational requirement. Critically, client data is never used to train any proprietary or third-party AI models. Instead, we integrate commercially available foundation models in a secure configuration, ensuring that all AI-powered tasks operate within strict boundaries to protect data confidentiality.
Proven Success
Delivering Secure Solutions
We have developed data solutions for partners with the most stringent security and privacy requirements, including the federal government, Fortune 20 companies, major health plans, and national provider systems.
SOC 2 Type II Audits
We undergo SOC 2 Type II audits and share the resulting security, availability, and confidentiality reports with our customers.
HIPAA Compliance
We meet all HIPAA and HITECH requirements, including the Privacy, Security, and Breach Notification Rules. All vendors and third parties operate under Business Associate Agreements (BAAs).
Industry Standards
Our policies follow current HIPAA and NIST frameworks across core areas such as application security, data privacy, business continuity, change management, and incident response.
Trust Center
Click below for on-demand, self-service access to our security documentation, compliance information, and real-time control updates.