Security Policy

Administrative, technical, and physical safeguards protecting PHI processed within File Logic.

Home

Organization: Control Alt Growth

System: File Logic

Effective: December 2025

Contact: hello@filelogic.app

Purpose

To outline administrative, technical, and physical safeguards protecting PHI processed within File Logic.

Technical Safeguards

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (GCP default)
  • Firestore RBAC + organization isolation
  • Firebase Auth with unique IDs
  • Session timeout (60 min)
  • Audit logging (Firestore, IAM, Aiplatform, Cloud Run)
  • Secure deletion (3-pass overwrite)
  • No PHI in logs
  • MFA required for admin accounts

Administrative Safeguards

  • Annual HIPAA training
  • Risk assessments
  • Incident response plan
  • Vendor/BAA management
  • Access reviews (quarterly)

Physical Safeguards

Managed by Google Cloud under its BAA and physical security certifications.

Security Officer

Bridger Towersecurity@filelogic.app (or hello@filelogic.app)