Trust

Security & Compliance

In one sentence

CyberCore is an early-access dental IT product with a conservative security posture: limited access, scoped data collection, owner-controlled remediation, and written customer agreements for sensitive deployments. We do not claim SOC 2, ISO 27001, HITRUST, or HIPAA certification on this page.

Last updated

What is CyberCore's current security posture?

CyberCore is currently an early-access product. The security posture is intentionally narrow: restrict access, collect only operational signals needed for the service, keep remediation owner-controlled, and use written customer agreements before sensitive production deployments. This page describes that posture honestly; it is not a certification report.

What does CyberCore try to minimize?

The product is designed around infrastructure visibility, not clinical record management. The default posture is to minimize patient-data exposure, avoid public-form collection of sensitive records, and keep diagnostic data tied to operational troubleshooting rather than broad data collection.

How is remediation controlled?

CyberCore's product position is owner-governed automation. Autonomous remediation should be scoped by an allowlist, visible to the practice owner, and logged so the owner can review what the system saw and what action it took. Early-access deployments should define the exact permission boundary in writing before production use.

What claims are we not making?

CyberCore does not currently claim SOC 2 certification, SOC 2 readiness, ISO 27001 certification, HITRUST certification, PCI compliance, or HIPAA certification. HIPAA is a shared legal and operational responsibility for covered entities and business associates, not a badge this page can grant.

What about HIPAA and protected health information?

Dental practices are responsible for their own HIPAA program, policies, risk analysis, access controls, vendor management, and patient-data workflows. If a CyberCore deployment requires processing protected health information, that scope should be handled through an appropriate customer agreement and, where applicable, a business associate agreement before go-live.

What can customers ask for during evaluation?

Before any sensitive deployment, customers should ask for:

  • the current data-flow description for the planned deployment;
  • which systems, logs, and identifiers CyberCore needs to process;
  • who can access support or diagnostic data;
  • what actions, if any, the product is allowed to take automatically;
  • how incidents, support escalation, and offboarding are handled; and
  • which contract terms govern protected health information, if any is in scope.

How do we handle security reports?

If you believe you found a security issue in CyberCore or on cybercore.dental, email hello@cybercore.one with enough detail to reproduce the issue. Please do not access customer data, disrupt service, or perform destructive testing.

Will this page change?

Yes. As the product, controls, customer contracts, subprocessors, and security review process mature, this page should become more specific. Until then, the honest posture is early access, limited claims, written agreements for sensitive use, and no fabricated compliance badges.

Ask Core AI