You’re routing patient conversations through us. Here’s how we earn that.
Everything on this page is what we actually have today — no aspirational badges. Where something is in progress, it says in progress, with where to check back. Want any of it in writing before a pilot? One email.
HIPAA-first, not HIPAA-adapted.
Revado operates as a business associate to your practice. PHI is processed only to deliver the service — conversations, scheduling, and write-back to your PMS — never for advertising, and never sold.
Patient data is encrypted in transit and at rest. Access to production systems is restricted, logged, and reviewed.
Roles are scoped: your team members see what their role needs, and every PHI access is timestamped and exportable. The audit log is built into the product, not bolted on.
PHI retention and deletion terms are defined in the BAA. On termination, PHI is returned or deleted per the agreement — you don’t have to chase us for it.
The documents procurement will ask for.
Available on request before any pilot starts — not after. Email trust@revado.ai and we’ll send it the same day.
The vendors that touch data — telephony, LLM, SMS, and transcription providers — are disclosed in the BAA addendum, with the data category each one handles. Full current list available on request.
In progress. We’ll publish the auditor and report date on this page as soon as the audit window closes. Until then, we’re happy to walk your security reviewer through our controls directly.
Send us yours — vendor security questionnaires and risk assessments are answered by the team that built the system, typically within a few business days.
When something needs attention.
Security incidents are triaged immediately and affected practices are notified per the BAA’s breach-notification terms. The direct line is trust@revado.ai.
Found something? Email security@revado.ai. We read every report, respond to actionable ones, and credit researchers who ask.
Voice and text agents operate inside scripts and escalation rules your practice approves. Clinical questions are never answered by the AI — they route to your team by rule.
Your patient list is yours. We don’t use one practice’s data to serve another, and campaigns only reach patients from your own chart.
What security reviewers ask us.
Will Revado sign a BAA before we share any patient data?
Yes — that’s the required order of operations, not a favor. Email trust@revado.ai and the BAA arrives the same day, before any pilot or data connection begins.
Is Revado SOC 2 certified?
SOC 2 Type II is in progress. We publish the status honestly rather than claiming a certificate we don’t hold yet, and we’ll post the auditor and report date here when the audit window closes. Your security team can review our controls directly in the meantime.
Which vendors see patient data?
Telephony, LLM, SMS, and transcription subprocessors — each disclosed in the BAA addendum with the data category it handles. Request the full current list at trust@revado.ai.
Can we audit what the AI said to our patients?
Yes. Every conversation — voice and text — is recorded as a thread with timestamps, and PHI access is logged and exportable. Nothing the agent does is invisible to the practice.
More questions on the product itself? See the full FAQ or our privacy policy.
Put our answers in front of your security reviewer.
BAA, subprocessor list, and questionnaire answers — sent same day. If your reviewer wants a call with the engineers who built the system, we’ll set it up.