01 / SECURITY

A security posture built around deletion.

CareSwift is engineered to hold the smallest amount of data we need — for the shortest time it can do its job. Most reports clear our system in under an hour. None stay longer than 24. Deletion is on a schedule you can audit, not a favor you have to ask for.

Most reports are gone in under an hour.

02 / AI POSTURE

Where AI fits — and where it doesn't.

Reactive compliance scanning.

Our main product reads finished reports and flags compliance gaps before submission — missing fields, contradictory vitals, narratives that don't support the level of service billed. The medic sees the issue, fixes it, and signs. The AI does not write any part of the report.

Optional scribe.

A separate, opt-in feature that takes what the medic provides — dictation, structured fields, free text — and organizes it into a clean narrative. It restructures input. It never adds information that wasn't there.

Never invents information.

Vitals, times, signatures, narrative — nothing is generated from nothing. Guardrails and validators reject any output that isn't grounded in medic input.

Never submits a report.

Every PCR is reviewed and signed by the medic who ran the call. No auto-submission, no overnight batch, no exceptions.

Never makes a clinical decision.

The AI does not diagnose, triage, or recommend treatment. It checks documentation and structures language — nothing more.

Never trains on your PHI.

Zero-retention agreements with every model provider we use. Your data is never logged, retained, or fed into training pipelines.

03 / RETENTION GAP

Most EMS software keeps your records for seven years.
We keep them for under a day.

A 2,520× shorter window.

Industry default EMS / EHR vendors

61,320 hours retained

Most vendors retain PHI for the full seven-year HIPAA minimum. Your run from this morning is still on a server through October 2032.

2,520× shorter

CareSwift retention ceiling

≤24 hours retained

PHI clears our systems within one billing cycle. By the time a run reaches the carrier, the record on our side is already gone.

Why it matters

Less time on our servers means a smaller surface area for everyone — patients, agencies, and us.

How we get there

PHI is encrypted in transit, processed in-region, and cleared from our systems within 24 hours of dispatch.

What's retained

Aggregate billing metadata only — no narratives, no demographics, no identifiable PHI of any kind.

04 / SECURITY POSTURE

Posture, on the record.

Continuously monitored. Linked to the source so you can verify on your own time — not ours.

compliance.careswift.com/ · PUBLIC · LIVE

Trust & Compliance

A public, third-party-monitored view of CareSwift's security posture. Updated continuously by Vanta.

All controls compliant. Audited continuously by Vanta.

HIPAA: Compliant

Health Insurance Portability and Accountability Act

Continuous controls monitoring via Vanta. Public trust report.

TODAY: just now

BAA: Compliant

Business Associate Agreement

Standard BAA on file before go-live. No legal-team gauntlet.

ISSUED: same-day

DATA RESIDENCY: Compliant

United States only

AWS us-east + us-west. Multi-region for resilience. No data leaves U.S. infrastructure.

REGION: verified

AUDIT LOGS: Export on demand. Available for any record we hold or held.

SUBPROCESSORS: Listed in Vanta. Live, maintained by us, audited externally.

INSURANCE: Same-day issuance. Cyber & E&O certificates on request.