
Privacy Policy

1. Data Sovereignty & Stewardship

Aegis Alliance™ LLC operates on the principle of Data Sovereignty. We do not "own" your data; we are its forensic stewards. We maintain rigorous administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) and sensitive business intelligence.

 

2. HIPAA Compliance & PHI

As a Business Associate (BA) under HIPAA regulations, Aegis Alliance™ LLC is fully compliant with the HIPAA Security and Privacy Rules.

  • Business Associate Agreement (BAA): We require a signed BAA for all clients in the healthcare or medical-adjacent sectors before access to the Aegis Vault is granted.

  • Encryption: All PHI is stored and transmitted using industry-standard AES-256 encryption.

  • Access Control: We enforce the "Principle of Least Privilege." Access to sensitive data is restricted to necessary protocols only.

 

3. The "48-Hour Secure Deletion" Window

 

Upon the formal termination of a partnership (as outlined in our Operational Continuity Agreement), Aegis Alliance™ initiates a mandatory 48-hour secure deletion protocol.

  • All credentials stored within our internal systems are purged.

  • All access to client-owned environments is revoked.

  • A "Certificate of Deletion" can be issued upon request, confirming that no forensic footprint remains in the Aegis Vault.

 

4. Mandatory Security Tools

 

To maintain the integrity of our HIPAA-compliant environment, all clients must utilize Aegis-approved secure channels:

  • Password Management: 1Password (No plain-text passwords accepted).

  • Communication: Encrypted channels only (Trello/Secure Email).

  • MFA: Multi-Factor Authentication is non-negotiable for all shared accounts.

 

5. Data Breach Protocol

 

In the unlikely event of a security "incident," Aegis Alliance™ maintains a 24-hour notification window. We will provide a full forensic report of the scope and mitigation steps taken, in accordance with HIPAA Breach Notification Rules.
