meet BastionGPT

Built with Security as our Priority

In an era where data breaches are all too common, BastionGPT stands as a bastion of security. Our advanced, HIPAA-compliant ChatGPT powered AI provides a secure, trustworthy and HIPAA-compliant AI service.

Healthcare security is complicated.
BastionGPT makes it easy.

Our Approach
Our team culture and operations are centered around maintaining customer trust, which is our utmost priority. We uphold this commitment by incorporating cybersecurity as the core of all our operations, employing a defense-in-depth strategy and aligning to NIST standards. We adhere to best-in-class security practices, which ensure all handling of chat history and customer data is processed, stored and treated in alignment with HIPAA regulations.
Risk Assessment and Vulnerability Scans
To protect your data from evolving cybersecurity threats, we conduct internal risk assessments. These assessments are performed regularly, and include trusted 3rd party review of code for security flaws after every major code modification. Our services maintain an A+ rating with SecurityScorecard.
Penetration Tests and Code Reviews
To ensure the highest level of security, we perform regular 3rd party penetration tests. These tests are designed to detect potential vulnerabilities and enable us to strengthen our defense measures. We also conduct static code reviews during every code deployment to further scrutinize our codebase for any potential threats or vulnerabilities that might go undetected in a dynamic analysis.
Data Access and Control
Information submitted to BastionGPT is limited to only trained individuals with a need to know, and always according to the principles of least privilege. Chat history is stored within the BastionGPT secure cloud and is deleted after 30 days. It is only accessed when needed to uncover abuse or resolve a technical problem.

To ensure the security of your information, the BastionGPT team does not provide 3rd party access to sensitive customer information, such as any PHI or PII, apart from Microsoft. BastionGPT has the requisite HIPAA BAA and security assurances in place with Microsoft to ensure your information remains secure.

Chat history is not provided to OpenAI, and is not used to develop future models of ChatGPT.
Security History
Our company takes pride in our intense focus on cybersecurity and has not fallen victim to any breaches of security. Our steadfast commitment to rigorous security protocols and preventative measures has proven to be effective in safeguarding our systems and data.
Trust and Compliance Portal
For information about our Trust and Compliance program, you can view our  portal at
Trust BastionGPT

Review our confidential security whitepaper and architecture with a cybersecurity expert.

Proven Security

Healthcare applications must stand up to the most sophisticated of attacks every day. BastionGPT was designed with security and privacy at its core, to ensure information stays safe from prying eyes and cyber threats.

“The role of penetration tests and code reviews in our security strategy can't be overstated. Our commitment to these proactive measures is our way of ensuring that our service is always a step ahead, ready to deal with potential vulnerabilities before they become actual threats.”

Josh Spencer

“During my testing process, I was impressed by the robustness and resilience of this application. BastionGPT is one of the most secure platforms I have tested.”

Abir Dhar
Cybersecurity Expert

Trust and Compliance