Security & Compliance Overview

We take patient data and device security seriously. This is your central hub for all things related to IntuBlade’s security, privacy, and compliance posture.

Security Overview

• AES-256 end-to-end encryption (device ↔ app ↔ cloud)

• Signed firmware, secure boot, tamper-evident logs

• Role-based access control, SSO/SCIM support

• Third-party penetration testing and ongoing threat monitoring

• Device logs and video storage can remain fully local or push securely to AWS

Compliance Overview

• FDA-compliant Class I device

• Built on ISO 13485 and 21 CFR 820

• UDI tracking, post-market surveillance, and internal QA

• HIPAA-aligned infrastructure and safeguards

• Business Associate Agreement (BAA) available upon request

• Data Processing Agreement (DPA) available upon request

Deployment Options

• On-device only (air-gapped)

• Hybrid (local video, cloud metadata – AWS us-west-2)

• Fully cloud with secure video sync to encrypted S3

Contact

• Security: security@intublade.com

• Privacy: privacy@intublade.com

• Regulatory/QA: qa@intublade.com

Explore Further

Compliance

• Policies

• HIPAA

Privacy

• Data Processing Agreement (DPA)

• Privacy FAQ

Legal

• Privacy Policy

• Terms of Service

FAQ Highlights

Where is patient data stored?
AWS us-west-2 by default. Local and on-prem options available.

Can I run this offline?
Yes. All core functions run without internet, including lens-clearing spray and video capture.

Who controls data retention?
You do. Retention windows can be set from 7 days to 7 years. Default is 7 years.