Built for PHI from the ground up.
Strata is HIPAA compliant, and we sign a BAA with every practice that handles PHI. Your imaging lives in a managed, secure cloud built for PHI — encrypted in transit and at rest, with access audit-logged so you can see who opened what and when. Data stays in your chosen region, and every demo runs on de-identified synthetic studies, never real patients. The marketing site you’re reading sits entirely outside that perimeter — it never touches patient data.
HIPAA compliant
Strata is HIPAA compliant. Your imaging lives in a managed, secure cloud built for PHI — not on a server in your closet.
We sign a BAA
A Business Associate Agreement is available to every practice that handles PHI.
You know where data lives
Data stays in your chosen region. Your studies aren’t scattered across an opaque network.
Encrypted in transit & at rest
PHI is encrypted in transit and at rest on the managed store, so it is never exposed in the clear.
Audit logging
Access to studies is audit-logged so you can see who opened what, and when.
Synthetic demos only
Every demo on this site runs on de-identified synthetic studies, never real patients.
Marketing and PHI never mix.
This website is a static site hosted outside the compliance perimeter. The product — where studies live — runs on a separate, secured domain.
- The marketing site stores no PHI and holds no app credentials or cookies.
- All imaging, auth, and sharing happen on the secured app domain, inside the BAA perimeter.
- Every screenshot and demo here uses synthetic, de-identified studies only.
- Analytics are cookieless and privacy-first — no PII, no tracking that could carry PHI.
Need it in writing for your compliance review?
We’ll send a security one-pager covering architecture, the BAA, data location, encryption, and audit logging — and answer your team’s questions directly.
Security questions before you commit?
Book a call — we’ll walk through the architecture, the BAA, and exactly where your data lives.