Preeley is designed for privacy-sensitive postpartum return-to-work programs. This page summarizes our security controls, operational safeguards, and the circumstances in which a Business Associate Agreement may be made available.
Scope of this statement
This page describes Preeley’s current security posture and HIPAA-aligned administrative, technical, and physical controls. It is not itself a Business Associate Agreement or a certification by a government regulator.
Not every customer workflow will involve protected health information, and customers remain responsible for determining whether their intended use of the service is subject to HIPAA or related healthcare privacy obligations.
Administrative safeguards
Preeley maintains internal policies, access approval workflows, confidentiality expectations, and incident management procedures designed to support privacy-sensitive operations.
Personnel access to systems and customer data is limited to authorized team members with a defined business need.
- Role-based access review and least-privilege expectations.
- Background operational controls for onboarding, offboarding, and support access.
- Security awareness training and internal handling requirements for sensitive customer information.
Technical safeguards
We use technical controls intended to preserve confidentiality, integrity, and availability across the hosted service and supporting infrastructure.
Security configurations are reviewed when introducing new workflows, subprocessors, or integrations.
- Encryption in transit using TLS and encryption at rest using strong modern ciphers such as AES-256 where supported.
- Authenticated access, secure credential handling, and audit logging for security-sensitive actions.
- Environment separation, secret management, and monitoring for anomalous behavior.
Access controls, logging, and monitoring
Preeley uses role-aware access controls and system activity logging to help identify misuse, support investigations, and document access to administrative functions.
Logs are reviewed and retained in line with operational and compliance needs, subject to retention policies and infrastructure constraints.
- Administrative actions and customer-support access are logged.
- System telemetry is monitored for availability, abuse detection, and incident investigation.
- Customers may request additional audit and due diligence information during enterprise review.
Business Associate Agreements
Where customer use of Preeley requires HIPAA contractual coverage, Preeley may make a Business Associate Agreement available as part of the contracting process.
BAA availability may depend on the customer’s plan, use case, technical setup, and completion of a security review.
Incident response
Preeley maintains incident handling procedures intended to identify, contain, investigate, and remediate security events that could affect customer information or service availability.
Where required by contract or law, we provide notice of confirmed security incidents in accordance with our obligations and with the facts reasonably available at the time.
Security and compliance contact
Security, HIPAA, or BAA questions may be sent to legal@preeley.app.
Enterprise customers may request additional diligence materials during procurement, subject to confidentiality protections.
