Enterprise-ready legal, privacy, and trust documentation.
One location for legal, compliance, procurement, and security reviewers evaluating HavenOPS as an Operational Intelligence Platform. Executable templates and evidence packages are available under NDA.
Terms, Privacy, DPA & BAA.
Current versioned documents governing customer use of HavenOPS. Full executable templates are provided on request.
Terms of Service
Customer subscription terms, acceptable use, AI-assisted feature terms, and service commitments.
Privacy Policy
How HavenOPS collects, uses, and protects personal data, including HIPAA and AI processing disclosures.
Data Processing Agreement
Processor obligations, sub-processors, and cross-border transfer commitments.
Business Associate Agreement
HIPAA-aligned business associate commitments for covered entities and their associates.
Security, AI, and compliance transparency.
The commitments and disclosures behind HavenOPS. Each section below anchors on this page and links out to detailed pages where available.
Security overview
Tenant isolation, encryption, access controls, monitoring, and incident response.
Learn moreAI transparency
Where AI is used across HavenOPS, what data it processes, and where human review is required.
Read belowCompliance readiness
How HavenOPS supports HIPAA, state licensure, accreditation, and payer requirements.
Read belowResponsible AI statement
The principles guiding how HavenOPS designs, deploys, and governs AI-assisted features.
Read belowShared responsibility
What HavenOPS secures, what customers configure, and how those responsibilities meet in the middle.
Read belowContact legal
Redlines, procurement coordination, DPA/BAA templates, and privacy inquiries.
Learn moreWhere AI is used, and where it isn't.
HavenOPS uses AI-assisted features to accelerate work that would otherwise be manual: drafting policy language, generating training modules from source materials, summarizing operational data, recommending workflow steps, and surfacing compliance-readiness signals. AI is a drafting and analysis assistant, not a decision-maker.
- Human review is required before any AI output is relied upon for clinical care, compliance filings, billing, workforce decisions, or contractual commitments.
- Customer PHI is never used to train foundation models operated by HavenOPS or its sub-processors.
- Tenant isolation applies to AI as it does elsewhere. AI features run within a customer's tenant boundary, using only that customer's data unless the customer explicitly opts into a shared knowledge source.
- Model providers are sub-processors. Data transferred to model providers is governed by written data-protection terms and, where applicable, the BAA.
- AI outputs are auditable. Approvals, edits, and acknowledgments are captured in append-only audit trails.
Human-approved AI, by design.
HavenOPS designs AI-assisted features to keep humans in the loop for every consequential decision. Our responsible AI principles:
- Assistive, not autonomous. HavenOPS does not present AI output as final. Operational actions require an accountable human approver.
- Grounded and cited. AI outputs are generated against governed customer sources where practical, and cite the sources they draw from.
- Governed knowledge. Customers approve which sources are used, and can revoke sources at any time.
- No model training on customer data. Customer PHI and Customer Confidential Data are excluded from foundation-model training.
- Auditable. Prompts, model outputs, edits, and approvals are captured in the operational record.
- Bias and safety review. AI features are reviewed for known failure modes before release, and are gated by human approval workflows in production.
Built to support regulated operators.
HavenOPS is designed to help behavioral healthcare and other regulated operators demonstrate compliance readiness. Certifications are pursued in stages as the customer base expands.
- HIPAA. Business Associate Agreements are available; safeguards align to the HIPAA Security Rule.
- State licensure & accreditation. Workflows, policies, and training packs are structured to support Joint Commission, CARF, and state department expectations.
- SOC 2. SOC 2 Type II readiness is in-flight; a bridge letter and status update are available on request during the audit window.
- Data protection. GDPR/UK GDPR Standard Contractual Clauses and processor commitments are documented in the DPA.
- Evidence packages. Trust Packet, security questionnaire (CAIQ-Lite), and evidence exports are available under NDA.
HavenOPS does not guarantee any specific regulatory outcome. Compliance is a shared responsibility between the platform and the customer.
Additional trust documentation in flight.
The resources below are in preparation. Contact legal@havenops.io to receive interim content under NDA.
Public list of sub-processors, purposes, and regions. Available on request today.
Extended technical detail on architecture, controls, and audit posture.
Real-time control attestations, questionnaire responses, and evidence downloads.
SOC 2 Type II report and bridge letters, distributed under NDA.
Public summary of HIPAA safeguards, BAA scope, and audit posture.
Our conformance goals against WCAG 2.1 AA and how to report accessibility issues.
Detailed categories, providers, retention, and in-region consent controls.
Request executable templates.
Full DPA and BAA templates, sub-processor list, security questionnaire (CAIQ-Lite), Trust Packet, and insurance certificates are available for legal and procurement review under NDA.
Need something else for your legal review?
Our legal team can provide redlines, custom MSAs, and security questionnaires within standard procurement timelines.