How we protect your data and ensure platform integrity
Infrastructure
Hosting: AWS Elastic Beanstalk (us-east-1)
Database: PostgreSQL (encrypted at rest)
Transport: TLS/HTTPS enforced
Region: us-east-1 (N. Virginia)
Authentication & Access
Passwords are salted and hashed using PBKDF2-HMAC-SHA256 with 100,000 iterations — never stored in plaintext
Optional two-factor authentication (TOTP) with backup codes
Session-based authentication with 7-day expiration
API key access with per-endpoint rate limiting
Per-user rate limiting on reviews (hourly and daily caps per tier)
MFA lockout protection after repeated failed attempts
API keys hashed with SHA-256 before storage — plaintext never retained
Role-based access control (user, admin)
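The password and API key storage schemes listed above, sketched as an added example; this is not ConvergeQA's own code. The record format, the 16-byte salt, the "cqa_" key prefix and all function names are assumptions made for illustration; only the algorithms and the 100,000 iteration count come from this page.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # iteration count stated on this page
SALT_BYTES = 16              # assumption: the page does not state a salt length


def hash_password(password, salt=None):
    """Return a record 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (constructed format)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        rounds = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds <= 0:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)


def new_api_key():
    """Return (plaintext_key, sha256_hex). Only the digest is stored server-side."""
    key = "cqa_" + secrets.token_urlsafe(32)  # hypothetical prefix; 256 bits of randomness
    return key, hashlib.sha256(key.encode("utf-8")).hexdigest()


def api_key_matches(presented, stored_digest):
    # A single unsalted SHA-256 is reasonable here only because the key is
    # long and random; human-chosen passwords need the slow, salted KDF above.
    digest = hashlib.sha256(presented.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, stored_digest)
```

Storing the iteration count inside each record lets the count be raised later without invalidating existing hashes.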
Data Handling
User prompts and uploaded content are sent to selected LLM providers and necessary subprocessors to deliver the review, and retained according to your History and audit-report settings
Review history is retained per your tier (Free: 7 days; Student/Basic/Plus/Pro/Enterprise: full retention while account is active) and can be deleted at any time
Uploaded files are processed in memory and deleted immediately after text extraction
Audit reports include unique verification IDs for checking review metadata and recorded output status
ConvergeQA does not sell user data or share it for advertising; selected AI providers and subprocessors process submitted content only to deliver the service
Payment Security
All payment processing is handled by Stripe, a Level 1 PCI-DSS compliant provider
ConvergeQA never stores, processes, or transmits full credit card numbers
Only Stripe customer IDs and tokenized payment method references are stored
Webhook signatures are verified to prevent spoofed billing events
LLM Provider Security
All LLM API calls use encrypted connections (TLS 1.2+)
API keys for each provider are stored as environment variables, never in code
Circuit breaker pattern prevents cascading failures across providers
Provider fallback chains ensure availability without compromising security
Important Notices
ConvergeQA is not a HIPAA-covered service. Do not submit protected health information (PHI).
All output is AI-generated and has not been reviewed by a human. Users are solely responsible for verifying accuracy.
ConvergeQA does not provide medical, legal, or financial advice.