Privacy and security for mental health care
Samata Health is built to protect sensitive information across therapy access, employer-sponsored benefits, therapist workflows, and platform operations. We combine contract, product, and security controls to support responsible access, care coordination, and documentation without exposing more information than needed.
Privacy by design
Care access data, benefit details, and protected health information are handled with purpose limitation and confidentiality from intake through ongoing support.
Secure access
Role-based permissions, authentication controls, and least-privilege practices help limit access to sensitive systems and records.
Operational clarity
Policies, vendor review, incident response, and documentation practices support clear security responsibilities across the platform.
Compliance
Samata focuses on the safeguards and privacy practices expected for sensitive health information and workplace wellness administration.
HIPAA
Privacy and security for protected health information.
View notice
SOC 2
Independent review of security and availability controls.
Request Privacy Policy
How Samata collects and handles personal information.
View policy Terms of Service
Samata platform and services legal terms.
View terms Security documentation
Need documentation for security review, procurement, or internal evaluation? Request the materials you need.
Acceptable Use Policy
Guidelines for responsible use of Samata systems, services, and resources.
Request Access Control Policy
How Samata manages access permissions, authentication, and account controls.
Request Encryption Policy
How Samata protects data in transit, at rest, and while using approved services.
Request Information Security Policy
Security controls, employee responsibilities, and governance practices.
Request Physical Security Policy
Safeguards for equipment, devices, facilities, and physical workspaces.
Request Risk Assessment / Management Policy
How Samata identifies, evaluates, tracks, and remediates security and operational risk.
Request Business Continuity / Disaster Recovery Policy
How Samata prepares for disruption, recovery, and continuity of critical operations.
Request Network Security Policy
Controls that help protect systems, networks, environments, and connections.
Request Data Classification Policy
How Samata categorizes information and applies handling standards based on sensitivity.
Request Incident Response Policy
How Samata detects, investigates, responds to, and documents security incidents.
Request Vendor Management Policy
How Samata reviews third-party services that support platform operations.
Request Data Retention Policy
How Samata manages retention, deletion, and lifecycle requirements for data.
Request Monitoring and Safeguards
Samata maintains operational and product controls to support privacy, security, availability, and responsible data handling.
Access Security
-
Role-Based Access Control - Multi-Factor Authentication
- Least Privilege Permissions
- Access Review Process
Data Protection
- Encryption in Transit
- Encryption at Rest
- Data Classification Policy
- Secure Data Handling
Privacy Operations
- Privacy Impact Review
- Employer Reporting Controls
- Aggregated Reporting Defaults
- Protected Health Information Handling
Platform Availability
- Application Health Monitoring
- Infrastructure Reliability
- Disaster Recovery Planning
- Service Availability Review
Incident Response
- Incident Response Plan
- Security Event Review
- Post-Incident Documentation
- Remediation Workflow
Vulnerability Management
- Vulnerability Management Policy
- Patch Management Process
- Security Testing
- Remediation Tracking
Risk Management
- Risk Assessment Process
- Risk Register
- Vendor Risk Review
- Risk Treatment Planning
Network Security
- Network Security Policy
- Endpoint Security
- Network Monitoring
- Firewall and Access Controls
Subprocessors
Samata may work with carefully reviewed vendors that help provide hosting, communication, payments, analytics, security, and platform operations.
OpenAI
AI API
PostHog
Product analytics
Segment (Twilio)
Event data pipeline
Sentry
Error monitoring
Customer.io
Messaging and emails
Vercel
App hosting
AWS
Cloud provider for storage and compute
Stream
In-app messaging/chat
Stripe
Payment processing and billing