Every component — pipelines, AI model, vector index — runs inside your subscription. We hold only metadata.
Choose your cloud
Compliance
HIPAA
In-tenant design means PHI never leaves your environment. Microsoft's BAA covers your Azure subscription automatically.
SOC 2 Type II
NucleoBank control plane is SOC 2 Type II audited. Report available on request — in progress.
NIST 800-53
Architecture aligns with NIST 800-53 controls for federal and public safety use cases.
Azure Security Baseline
Deploys with Azure Security Center recommendations enforced by default.
RBAC / Least Privilege
NucleoBank receives a scoped custom role on a single resource group. Nothing more.
Entra ID
Multi-tenant Entra authentication. Your identity provider. Your policies.
All compliance certifications apply regardless of cloud environment. Azure · AWS · GCP all carry HIPAA eligibility, SOC 2, and ISO 27001.
Built on Microsoft Azure
The only cloud with a comprehensive compliance portfolio spanning 100+ certifications including FedRAMP, HIPAA, and HITRUST. NucleoBank runs entirely inside Azure — your Microsoft relationship and its certifications extend to every NucleoBank component.
Microsoft Trust Center →Oracle Cloud Infrastructure and others — coming soon
Credentials
You grant consent
NucleoBank receives a scoped service principal with access to one resource group only.
Credentials go to Key Vault
NucleoBank writes connector credentials to your Azure Key Vault. We never store them.
We hold only the secret name
NucleoBank's database stores "kv://src-ehr-cred" — a reference, not a value. Your vault holds the key.