The audited AI platform for compliance officers.

You're the person who has to say yes before AI goes anywhere near patient data, client files, or regulated records. HASP is built so that answer can be yes — with a signed audit trail your auditors can verify independently, a BAA countersigned in-app, and a compliance control set that covers HIPAA, GDPR, and CCPA from a single platform.

Compliance · frameworks we ship under
  • HIPAA: Active, BAA included
  • SOC 2 Type II: AOC under NDA, inherited
  • HITRUST r2: AOC under NDA, inherited
  • GDPR: EU + UK, Art. 17 · 20 · 30
  • PIPEDA / CPPA: Active + CPPA-ready, Canada
  • ISO 27001: Q3 2026, In progress

Built-in compliance

Every action logged. Every log verifiable. By anyone.

  • Your auditors can verify the audit chain on their own machine — they don't need access to HASP, and they don't have to take our word for it.
  • GDPR right-to-erasure, data portability, and processing records are covered at the platform layer — not something you have to build or bolt on separately.
  • Confirmed security incidents trigger a customer notification commitment aligned with the DPA — without undue delay, and in any event within the regulatory timelines (72 hours for personal-data breaches under GDPR Article 33). Full incident-response posture is at the Trust Center.

What teams use HASP for

The workflows that brought you here.

A BAA you can actually countersign

HASP's BAA is countersigned in-app by your organization's authorized signer — no faxed PDFs, no back-and-forth with a vendor's legal team. The countersign event itself is logged to the audit chain with a timestamp you can export.

Audit trail that stands up to your auditors

Every AI action across every surface — chat, documents, API calls, internal apps — is one entry in a hash-chained, Ed25519-signed log. Your auditors can verify the chain on their own machine with no HASP software in the loop. Sample export available at /trust/audit-export-sample.json.

PHI scanning you can configure, not just trust

HASP's own PHI handling pipeline scans every inbound prompt for HIPAA Safe Harbor categories. Per-org policy controls what happens on detection: redact, allow with logging, or block. The detection event, the category, and the action taken are all on the audit chain. PHI handling is HASP-owned, not delegated.

Multi-framework compliance from one control set

HIPAA, GDPR Articles 17/20/30, and CCPA/CPRA are covered by a single control set — not separate product tiers. If your organization operates across jurisdictions, you don't manage three compliance postures.

Data residency and isolation you can document

Enterprise organizations run on a dedicated data plane — no logical multi-tenancy at the data layer. US-only or EU-only data residency available on Enterprise. Custom data residency options available for organizations with specific regulatory requirements.

Try it before you commit to anything.

Start a Free Evaluation and use every feature — AI chat, document analysis, the API, internal app builder — on non-patient data. When your organization is ready to work with real patient records, sign the BAA in-app. No procurement back-and-forth, no waiting.