Security

SOC 2 Type I in flight at site launch; Type II within 12 months. DPA template available on request. Region-aware hosting available for KSA / GCC engagements.

Free Sandbox: no customer data, ever — synthetic only. Personalized Sandbox: encrypted at rest and in transit; data push via signed URL; data deleted on customer instruction or end of engagement.

OptiCare maintains HIPAA-aware practices on the public site and in the bot — no PHI is processed in public surfaces. Production Care deployments are scoped under separately executed agreements.

Opti Bot operates with retrieval-only context. It refuses to disclose specific contractual commitments, customer information beyond the public anchor list, or content outside the operational decision domain. All conversations are auditable.