Skip to main content

Business Associate Agreement (BAA)

Some organizations need a Business Associate Agreement before using Hana due to handling of Protected Health Information (PHI). Hanabi Technologies offers a standard BAA for customers that require HIPAA compliant safeguards. Key points include:

  • Runtime only processing – Hana processes conversations at runtime and does not store chat history unless you explicitly save memories or reports.
  • Encrypted storage – Any data that you choose to save is encrypted at rest in MongoDB Atlas and protected with strict access controls.
  • No secondary use of PHI – Saved information is never mined for analytics or used to train models. It is only used to provide the requested Hana features.
  • Subcontractor safeguards – Cloud providers like Google Cloud and MongoDB Atlas are selected for their strong security posture. Hanabi remains responsible for data in the application layer.
  • Breach notification – We notify affected customers of any breach of unsecured PHI without unreasonable delay and within 60 days of discovery.

Customers may request deletion of their data at any time and may audit our compliance with the BAA upon reasonable notice. If your organization requires a signed BAA, contact us at support@hanabitech.com.