The EzMedSource Marketplace is live — 11,644 device models, free for hospitals
Trust & Security

Your data. Encrypted, isolated, and yours.

Healthcare and service data deserves serious protection. The ERP and customer portals run on Microsoft Azure; AI workloads run on Google Cloud. Encryption, tenant isolation, and backups are built in — not bolted on.

Email a Security Question Request Review Docs
HIPAA Ready SOC 2 Aligned ISO 27001 Infrastructure

TLS 1.2+ in transit · AES-256 at rest · Geo-redundant backups every 5 minutes

Compliance Posture

What our badges actually mean

We use words like “ready” and “aligned” on purpose. We don't claim certifications we don't hold. Here's exactly what each one means.

HIPAA Ready

ePHI is encrypted and access-controlled end to end. We sign Business Associate Agreements (BAAs) on Enterprise plans.

SOC 2 Aligned

Our controls map to the SOC 2 trust principles — access control, change management, monitoring. “Aligned” means we run the controls, stated plainly.

ISO 27001 Infrastructure

We run on Azure and Google Cloud data centers that hold ISO 27001 certification. The certificate belongs to the infrastructure — and we say so.

The Specifics

How your data is protected

No vague promises. Here is the actual architecture.

Hosted on Azure and Google Cloud

The ERP and customer portals run on Microsoft Azure, in US regions. AI workloads run on Google Cloud. Both providers operate ISO 27001-certified data centers.

Encrypted in transit and at rest

TLS 1.2+ protects every connection. AES-256 encrypts data at rest. Your operational data is unreadable to anyone but you.

A dedicated tenant per company

Every customer gets a dedicated Microsoft Entra (Azure AD) tenant with multi-factor authentication. Your logins live in your tenant, not a shared pool.

A dedicated database per customer

Your records never share a database with another company's. Isolation is structural, not a software setting.

Backups every 5 minutes

Geo-redundant backups run every 5 minutes with point-in-time recovery. Deleted data sits in a 30-day soft-delete state before it is purged.

Monitored and logged

Microsoft Defender for Cloud watches for threats around the clock. Audit logs record who viewed, edited, or deleted every record.

Data Ownership

You own your data. All of it.

Some legacy vendors hold your data hostage at renewal time. We won't. Export your full database any time, in standard formats — no request ticket, no fee, no waiting period.

If you cancel, your data sits in a 30-day soft-delete state in case you change your mind. After that, it is permanently purged.

  • Full export anytime, in standard formats
  • 30-day soft delete after cancellation, then permanent purge
  • BAAs available on Enterprise plans
  • We never sell, rent, or share your data
100% Your data — full export anytime
5 min Geo-redundant backup frequency
30 days Soft-delete window after cancellation

Security questions, answered

Do you sell our data?

Never. Your data is yours. We do not sell, rent, or share customer data with third parties — full stop.

Can we export everything?

Yes, anytime. Your full database, in standard formats. We don't hold data hostage.

Where is our data hosted?

On Microsoft Azure, in US regions. AI workloads run on Google Cloud. Both providers operate ISO 27001-certified infrastructure.

What happens if we cancel?

Export everything first — then your data sits in a 30-day soft-delete state in case you change your mind. After 30 days, it is permanently purged.

Have a security question?

Email us and a real person answers. Security review documentation is available on request.

Email support@ezbizportal.com Request review docs