Built for legal and medical from day one.
Concrete claims, not adjectives. If you need detail beyond what's here for a vendor review or BAA, talk to us.
HIPAA
Trellys is HIPAA-aware. We sign Business Associate Agreements with medical and legal firms handling PHI. PHI processed on the substrate stays in tenant-isolated Postgres on Fly.io with encryption at rest and in transit.
Data isolation
Every customer firm runs against a tenant-scoped Postgres database (per-firm Neon projects for BI/reporting workloads). No cross-firm data sharing, ever.
AI model handling
Trellys uses Anthropic Claude. No model training on your data: Anthropic's zero-retention API is used for all customer workloads. Member firms can bring their own Anthropic keys for full cost and access control.
Incident response
Production incidents are responded to by the engineering team that built the platform. Phone: +1 (817) 508-2702. Email: security@trellys.com. Member firms have a dedicated escalation line.
Compliance roadmap
SOC 2 Type II and HITRUST work is in progress. Detailed status and current artifacts are available under NDA; request them via the demo form.