Trust Center

HIPAA-oriented architecture for dental AI reception.

A visual security center explaining how Happy Light AI is designed to protect ePHI across cloud infrastructure, signed service boundaries, audit evidence, and masked frontend display.

Last updated May 25, 2026

Security architecture overview

Happy Light AI is designed around tenant isolation, encrypted transport, least-privilege access, backend-controlled secrets, and append-only audit evidence. The public website does not store real patient recordings or transcripts.

AI receptionist

Collects the minimum call context needed to schedule, triage, and summarize.

Signed service boundary

Tenant and branch requests are verified before backend processing.

GCP BAA services

Application workloads are designed for covered cloud services and encrypted transport.

Scoped storage

Tenant configuration, call metadata, and audit events are separated by tenant context.

Audit evidence

Staff and admin actions are rendered as read-only review trails.

Masked frontend

Browser UI receives display-safe values for patient identifiers whenever possible.

GCP BAA-ready architecture

Production infrastructure is designed for Google Cloud services covered by a Business Associate Agreement.

HMAC-SHA256 request signing

Tenant-scoped service calls can be validated with signed requests to reduce spoofing and replay risk.

Least-privilege access

Staff views are scoped to tenant and branch context, with Super Admin paths separated from customer dashboard routes.

Immutable audit trail

Access and mutation history is planned as append-only evidence for compliance reviews.

PHI-safe frontend display

Raw patient identifiers are limited to tenant staff workflows where they are operationally required. Public, support, logging, and Super Admin surfaces mask or minimize PHI by default.

Backend-controlled recordings

Public marketing pages do not bundle patient audio. Showcase recordings must be anonymized and backend-approved.

Compliance responsibilities

Happy Light AI provides technical safeguards and workflow controls for AI receptionist operations. Dental practices remain responsible for HIPAA workforce training, appropriate patient communication policies, emergency protocols, and final verification of clinical or insurance-sensitive information.