Trust Center
Protecting your data is central to our business.
Rigorous security is not an afterthought at Serent — it is foundational to how we build, operate, and serve the home health agencies who entrust us with protected health information.
HIPAA Compliant
SOC 2 Type II
Continuously monitored
COMPLIANCE
Your privacy is our priority.
Serent protects your data with industry-leading continuous compliance monitoring. We treat all healthcare data with the utmost care and respect, adhering to strict compliance standards that reflect the trust home health agencies place in us.

HIPAA Compliant
Our HIPAA compliance is designed to assess Serent's risk management and regulatory compliance. It includes evaluation of administrative, physical, and technical safeguards related to electronic protected health information (ePHI) an organization creates, receives, processes, maintains, and/or transmits.

SOC 2 Type II Certified
Our SOC 2 Type II certification is designed for service providers storing customer data in the cloud. SOC 2 requires companies to follow strict information security policies and procedures, encompassing the security, availability, processing, integrity, and confidentiality of customer data.
Security
A holistic approach, layer by layer.
We follow a holistic approach to ensuring the security of your data. Serent's systems drive excellence in security and compliance across all aspects of the organization — from infrastructure to people, internal controls to product engineering.
Security is built in, not bolted on.
Infrastructure Security
Hardened infrastructure, built on trusted foundations.
We maintain our service infrastructure with dedicated operational rigor.
Production servers are maintained by GCP; we regularly review attestation reports and perform risk analyses.
Multi-factor authentication (MFA) is enforced on all systems.
Product & Application Security
Encrypted, monitored, and built with secure-by-design discipline.
Data is encrypted both at rest and in transit.
Vulnerability and system monitoring procedures have been established.
Secure coding practices and security testing are applied throughout the SDLC to prevent vulnerabilities.
Internal Security
Controlled access. Documented change. Reviewed capacity.
Access requests reviewed and processed as required.
Production deployment access restricted to authorized personnel.
Change management procedures enforced across the engineering lifecycle.
Configuration management system established and maintained.
Third-party agreements in place to govern external dependencies.
System capacity reviewed on an ongoing basis.
Organizational Security
A security-first culture, end to end.
All endpoints are encrypted.
Password policy is enforced across the organization.
Ongoing security training and advisory for all personnel.
Contractors sign Confidentiality Agreements and BAAs.
Production inventory is maintained and reviewed.
Employees acknowledge Confidentiality Agreements.

What you can expect
Three commitments we hold
ourselves to.
Protecting your data is central to our business, which is why we employ rigorous security measures across every layer of the organization.
Automated security controls
Automated security controls ensure your data remains protected — enforced continuously, not as a one-time check.
Continuous governance
Robust governance programs and continuous monitoring ensure that safeguards remain effective and resilient in a dynamic regulatory landscape.
Rigorous standards, always
Customers can expect Serent to uphold rigorous information security and privacy standard as we innovate and transform healthcare
Still have a question?
Ask us directly
Contact us at hello@serent.ai to see how we can work with your organization.
Discover how Serent can unlock value through our AI solutions across all stages of your healthcare journey.
