Pricing built for practices, not enterprises.
Per-location pricing. No per-asset surprises. No 12-month enterprise contracts.
- Up to 50 endpoints
- Continuous vulnerability scanning
- Quarterly HIPAA risk assessment
- Email support
- Unlimited endpoints
- Continuous HIPAA risk assessment
- AI Security Analyst with playbook library
- Audit-ready compliance evidence exports
- Cyber insurance documentation packet
- Direct access to founders
- Roadmap influence
- Cyber insurance documentation packet
- Quarterly co-design sessions
What you're replacing: A typical $15,000 annual HIPAA risk assessment, a $4,000-$8,000 vulnerability scanner license, and the consulting hours to make sense of either. We're priced to be cheaper than what you're already spending.
Questions practice owners ask before signing.
No. We connect to your network through a lightweight collector at each location and use credentialed scanning over your existing protocols. No software is pushed to laptops, servers, or medical devices. If you later want endpoint visibility, we can pair with the EDR you already own.
No. The AI Security Analyst runs against scan findings, configuration metadata, and our own validated playbook library. No PHI is sent to any model. Customer-specific context lives in your tenant on HIPAA-eligible AWS services and is never used to train shared models.
Yes. We sign a BAA with every customer before any data flows. A redlineable template is available on request. We also sign BAAs with every subprocessor in the chain.
If OCR opens an investigation, we provide the full historical record of your risk assessments, findings, and remediation actions, mapped to NIST 800-66. We cannot guarantee an outcome, but we can guarantee the evidence is in the format the auditor expects.
The Group tier is billed annually. The Starter tier is month-to-month and you can cancel anytime. Design partners run on a custom contract. There are no termination penalties beyond the remaining term you've prepaid.
Not yet. SOC 2 Type 1 is in progress with a target completion date this year. We will update the Security & Trust page the day it lands. We are HIPAA-aligned today, with a BAA available on request.