
Regulatory Compliance

Last Updated: May 20, 2026

1. HIPAA Compliance (Healthcare & Clinics)

At ROME AI, we recognize the critical importance of protecting Protected Health Information (PHI). For our clinical SaaS platforms and PMS integrations, we strictly adhere to the Health Insurance Portability and Accountability Act (HIPAA) standards:

  • We execute standard Business Associate Agreements (BAAs) with all medical clinic clients.
  • All patient data, intake files, and medical consultation notes are encrypted with AES-256 both at rest and in transit.
  • We enforce automatic session logouts, multi-factor login policies, and unique auditor IDs to guarantee total traceability of clinical actions.

2. SOC 2 Type II Security Framework

We are committed to operating a highly reliable and transparent operating environment. Our security and compliance policies are built directly around the SOC 2 Trust Services Criteria, ensuring continuous auditing of our systems' Security, Availability, and Confidentiality controls.

3. GDPR & CCPA (Recruitment ATS & Candidate Rights)

For our recruitment agency and ATS automation customers, we strictly protect candidate profile data in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):

  • Consent: Candidates must explicitly consent to AI resume screenings and automated conversational interviews.
  • Right to be Forgotten: Candidates can request complete deletion of their profiles, chats, and records from our databases at any time.
  • Data Portability: Users can request a structured export of all candidate metadata collected during their recruitment pipelines.

4. Ethical AI Policy

We implement extensive checks to ensure our AI models are trained on diverse, clean datasets, in order to prevent bias, profiling, or discriminatory practices during automated patient triage or recruitment ATS matching.

© 2026 ROME AI. All rights reserved.