How NOWaiT protects your practice and patient data
NOWaiT is purpose-built for healthcare practices. We understand the regulatory requirements of handling patient communications and have designed our platform with HIPAA compliance as a foundational requirement, not an afterthought. We provide Business Associate Agreements (BAAs) to all customers and maintain strict data handling procedures across our entire technology stack.
All data is encrypted using AES-256 at rest and TLS 1.2+ in transit. Voice recordings, transcripts, patient names, and contact information are encrypted end-to-end.
NOWaiT is built on Supabase (SOC 2 Type II certified) and deployed on Vercel with enterprise-grade security. Our voice AI partner, Retell AI, is SOC 2 Type II certified and HIPAA compliant.
Row-Level Security (RLS) ensures each practice can access only its own data. Multi-tenant isolation is enforced at the database level, not the application level.
We execute BAAs with all sub-processors that handle Protected Health Information (PHI). BAAs are available for all NOWaiT customers upon request.
NOWaiT is designed as a marketing and front-office automation platform. We minimize PHI exposure by focusing on scheduling, communication, and review management rather than clinical data.
All user actions are logged in an immutable activity log. Access events, data modifications, and system activities are tracked for compliance auditing.

| Provider | Purpose | Certifications |
|---|---|---|
| Supabase | Database & Authentication | SOC 2 Type II, HIPAA |
| Retell AI | Voice AI Agent | SOC 2 Type II, HIPAA |
| Twilio | SMS Messaging | SOC 2, HIPAA eligible |
| Vercel | Application Hosting | SOC 2 Type II |
| Stripe | Payment Processing | PCI DSS Level 1, SOC 2 |
| Anthropic | AI Content Generation | SOC 2 Type II |

We provide Business Associate Agreements to all NOWaiT customers at no additional cost. To request a BAA or discuss your practice's specific compliance requirements, contact us: