Security
adapterOS is designed for sensitive document work in environments where data movement, local access, and reviewer trust matter.
Why healthcare teams choose adapterOS
PHI never leaves your environment
Charts, claims, research, and clinical documents are processed locally — no PHI egress, BAA-ready deployment.
An OCR-ready audit trail
Every answer carries cited sources and a replayable record for HIPAA accountability and internal governance review.
Built for the new disclosure laws
Local control and clear AI provenance align with HIPAA and 2026 state rules such as California AB 489 and Texas TRAIGA.
Threat model
Primary attack surfaces
Supply chain integrity, insider risk, local privilege abuse, record deletion, and removable media handling. Offline shifts the problem from network defense to local controls and review discipline.
Mitigations
Model hash verification before use. Policy-bound workflows. Reviewable source trails. Change tracking. No outbound network calls. No telemetry. Explicit, verified updates.
Access control and isolation
Role-based access
RBAC and policy packs define what each role may do, enforced before a workflow is activated.
Tenant isolation
Workloads and evidence are isolated per tenant, so separate teams, programs, or classification levels do not share state.
Authenticated interfaces
Access to the web UI, REST API, and CLI is gated by JWT or API keys.
Security contact
Email: [email protected]
Acknowledge within 2 business days. Initial assessment within 5 business days.
On-prem adapterOS has no required external service dependency for sensitive document work. Website dependencies disclosed publicly: Resend (email delivery) and Cloudflare (hosting).
Start with a fixed-scope pilot
One workflow, your environment, hardware included — roughly 4–8 weeks from kickoff. You leave with a replayable evidence record you can show your reviewers, whether or not you proceed.