🔒 Security, Privacy & Responsible AI at Pasito

At Pasito, security and compliance aren’t checkboxes—they’re built into every decision we make. From advanced AI to benefits management tools, we’re committed to protecting your data, honoring your trust, and ensuring ethical, transparent technology use.

Security as a Company Value

Security is embedded into Pasito’s DNA:

  • Vetted Personnel: All employees and contractors undergo background checks and sign strict confidentiality agreements.
  • Ongoing Training: Staff receive continuous security education, including threat simulations and emerging attack vectors.
  • Secure Development: All development follows best practices. Security reviews and training are standard across our engineering teams.
  • Rigorous Testing: We conduct regular penetration tests, vulnerability scans, and static/dynamic code analysis through internal and third-party experts.

Cloud-First, Secure by Design

  • Data Isolation: Each client’s data lives in a dedicated trust zone, architected to prevent any cross-client access or data co-mingling.
  • Encryption Everywhere: All data—at rest and in transit—is protected using AES-256 and TLS 1.2+.
  • 24/7 Monitoring: Pasito experts monitor our platform in real time for any signs of threats or anomalies.
  • Zero Trust Model: We implement role-based access controls and least privilege principles, with routine reviews and revocation protocols.

Regulatory Compliance

Pasito is aligned with industry-leading standards to ensure that your sensitive data is protected—especially where health and financial information are concerned.

  • HIPAA Compliance: Our systems and processes meet the rigorous requirements of the Health Insurance Portability and Accountability Act (HIPAA). We ensure:
    • Physical, technical, and administrative safeguards for protected health information (PHI)
    • Business Associate Agreements (BAAs) where applicable
    • Secure handling of all health-related data in accordance with federal regulations
  • SOC 2 Type I & II: Independently audited by Prescient Assurance, confirming our controls for security, availability, and confidentiality.

📄 Request our SOC 2 Report 

Ethical & Transparent AI Use

Pasito’s AI is built for trust:

  • Client-Specific Training: Models are customized for each client using only their data (and Pasito’s generalized training data), never shared or repurposed.
  • Strict Consent Policies: No employee data is used for AI training without explicit approval.
  • Bias Minimization: We follow industry AI ethics guidelines to deliver fair, equitable recommendations.
  • Clear Disclosures: Users are always informed when AI is used to generate or enhance content.


Generative AI Use Policy Highlights

Pasito’s AI governance framework includes:

  • Pre-Deployment Testing: Validates AI output accuracy, data integrity, and ethical alignment before launch.
  • Post-Launch Monitoring: Ongoing evaluations ensure AI tools meet performance, fairness, and safety standards.
  • Incident Response Protocol: In the rare event of deviation, our data team investigates and resolves issues swiftly.
  • Employee Training: All staff working with AI complete structured programs on data privacy, ethics, and security.


Client-Centered Support & Improvement

  • Client Success Team: Every client is assigned a success manager for onboarding, training, and ongoing support.
  • Transparent Documentation: We provide clear materials explaining decision support and security policies.
  • Feedback Loop: Clients and users can submit feedback or concerns directly, feeding into platform updates and enhancements.


Contact & Reporting

If you have a concern or need to request documentation:

📧 Security & Compliance: privacy@joinpasito.com

📃 Request Audit Reports