Privacy & Data Stewardship

SimpleScore respects patient privacy by keeping all scoring workloads in your Snowflake account. This page outlines the safeguards, operational standards, and customer controls built into the product.

Privacy Pillars

How SimpleScore Keeps Protected Health Information Safe

SimpleScore was engineered for HIPAA-aligned organizations that need deterministic risk scoring while honoring strict governance requirements.

Data Residency

Source tables, intermediate sets, logs, and generated risk scores remain in your Snowflake databases. Snowflake Container Services executes code in place with no external network calls.

Access Controls

You grant the application role least-privilege access during install. Revoke, rotate, or tighten privileges at any time to align with internal governance.

Secrets & Configuration

Configuration values live in Snowflake tables within your account. No secret material or telemetry is transmitted back to SimpleScore or any third party.

No External Data Flows: The app avoids outbound calls. REST endpoints stay inside Snowflake's private network so PHI never crosses the public internet. No external access integrations are required or supported.

Customer-Controlled Logging: Telemetry tables such as SCORE.SCORE_LOG are created during deploy inside your account. You can truncate, mask, or disable them entirely.

Auditability: Review the SQL artifacts, stored procedures, and service manifests. Combine with Snowflake access history to demonstrate compliance.

Support Process: Support teams only engage with sanitized logs or synthetic data you provide. Temporary access requires your explicit grant and can be revoked immediately.

“The native deployment model meant our compliance review was straightforward. Everything stays in our account, and the telemetry toggles gave privacy the control they needed.”

— Director of Data Governance, Duals Program