Trust Center

What we do with your data — and what we don't claim.

Most vendors bury compliance in a footer and hope you don't ask. We'd rather put it on one page, in plain language, including the parts where the honest answer is "not yet."

Last reviewed 15 July 2026

Where we stand today

No badge wall. Here is our actual posture, stated plainly — including what we do not hold.

ItemStatusDetail
HIPAA-aligned operations Yes Our workflows are built around HIPAA requirements from day one, not bolted on.
Business Associate Agreement (BAA) Yes We execute a BAA with every healthcare client before any protected health information is handled.
HIPAA training & certification for deployed talent Yes Every professional we deploy completes HIPAA training and holds certification through our own academy.
Written security & data-handling policies Yes Documented access-control, device, and data-handling policies our team works to.
SOC 2 Type II On our roadmap We are not SOC 2 certified, and we have not begun a formal audit. It is on our roadmap. We will say so here the moment that changes — and not a day before.
HITRUST Not held We do not hold HITRUST certification and are not currently pursuing it.

Why we publish the gaps. Any vendor can print a badge. If we tell you plainly what we don't have, you can trust what we say we do have. That is the whole point of this page.

PHI: how it's handled, and how it isn't

Protected health information only moves through channels we've contracted for. In practice:

Please don't send patient information through our website form. It isn't the right channel, and we'd rather tell you than quietly receive it. Ask us and we'll open a proper one.

The people behind your operation

Most of the risk in outsourced healthcare operations isn't technology — it's people. So we don't rent talent from a marketplace and hope for the best.

Security & data handling

Where your data is processed

Our team operates from the Philippines. Our web infrastructure runs in Singapore. Our business email is provided by Microsoft. If you engage us from the United States, your information will be transferred to and processed in these locations.

We operate under the Philippines Data Privacy Act of 2012 (RA 10173), alongside the HIPAA obligations we take on contractually with our U.S. clients.

This website specifically

Worth stating, because it's unusual and it's easy to verify:

Full detail lives in our Privacy Policy.

Doing your due diligence

If you're evaluating us, ask. We'd rather answer a hard security questionnaire than win on vagueness.

Email info@revconnexsolutions.com and it reaches a human who can actually answer.

Keeping this page honest

This page is reviewed as our posture changes. If something here is out of date or you think a claim doesn't hold up, tell us at info@revconnexsolutions.com and we'll correct it. A trust page that isn't maintained is just marketing.