Security at Banquet Health

We take security as seriously as you take patient care.

Hospitals run on trust—and Banquet is built with that in mind. We design for clinical-grade reliability, privacy, and compliance from day one. Our infrastructure is cloud-native, HIPAA-ready, and engineered to keep patient data secure without slowing you down.

HIPAA Compliant

Verified by Vanta

SOC 2 Type II

In Progress via Vanta

How we protect your data

Encrypted by Default

All data—at rest or in transit—is encrypted using AES-256 and TLS 1.2+.

We use encrypted AWS RDS instances in private subnets, with regular backups and controlled maintenance windows.

Strict Access Controls

Production is fully separated from non-production environments at the infrastructure level.

Access to production data is tightly controlled with MFA and strict IAM policies, and all access is logged and audited.

Secure by Design

Banquet runs on modern, cloud-native infrastructure built for security and resilience.

We minimize risk by running services in isolated, short-lived environments, reducing exposure and limiting attack surface by design.

HIPAA-ready by default

Banquet was built from day one to support HIPAA-compliant operations.

We sign Business Associate Agreements (BAAs) with all covered entities.

Protected Health Information (PHI) is encrypted, access-controlled, and handled in line with HIPAA requirements.

All employees complete HIPAA training and follow strict internal policies.

Security built into how we work

Security isn’t just something we build—it’s how we work, every day.

Access & Monitoring

  • Least-privilege access enforced across all infrastructure
  • Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for internal tools
  • Comprehensive logging and real-time alerting for visibility and traceability

Secure Development Lifecycle

  • Peer-reviewed code changes with automated CI testing pipelines
  • Continuous vulnerability scanning of dependencies
  • Secure coding practices and regular dependency audits

Team-Wide Responsibility

  • Background checks and mandatory security training for all employees
  • Clear processes for incident response and vulnerability reporting
  • Internal policies that prioritize security across product, engineering, and operations

“Security isn’t a checkbox for us—it’s a responsibility we carry because lives depend on it. Every decision we make, from infrastructure to daily practices, is built around earning and keeping your trust.”

Nivi Jayasekar
CTO & Cofounder

Questions? Let's talk

Need documentation for your IT review or want to request a BAA?
We’re happy to help: eng@banquethealth.com