Your customers trust you with personal information. Geckonaut treats that trust as the foundation of everything we build — with strong encryption, strict access controls, and infrastructure ready for the compliance requirements your industry demands.
All data is encrypted at rest under the 256-bit Advanced Encryption Standard before it's ever written to disk.
Data moving between systems is protected with TLS encryption — secure from the moment it leaves the line.
Cryptographic keys are managed on hardened infrastructure, with each key itself encrypted under regularly rotated master keys.
The platform supports an account-wide HIPAA compliance package — available to activate for healthcare clients who require it.
When HIPAA compliance is enabled, a Business Associate Agreement is part of the package — handled during onboarding.
When HIPAA is enabled, multi-factor authentication is enforced account-wide on every access point.
Account activity is captured in audit logs — a clear, reviewable record of who did what and when.
Built on enterprise-grade cloud infrastructure with the same hardened systems used to protect data at global scale.
You don't have to configure security settings or remember to turn anything on. Protection is the default state of the platform, applied without setup on your part.
The database automatically encrypts all data before it's written to disk — no setup or configuration required. It's decrypted transparently only when read by an authorized user, then re-protected.
Cryptographic keys are managed for you on hardened key-management systems with strict access controls and auditing. Each piece of data is encrypted under the 256-bit Advanced Encryption Standard, and each key is itself encrypted under a regularly rotated set of master keys.
Data is decrypted only for authorized users. Because Geckonaut operates the system as a fully managed service, there's no sprawling set of logins to govern on your side — access is limited, deliberate, and reviewable.
Account activity is captured in audit logs, creating a clear history of actions taken in the system. When HIPAA compliance is enabled, audit logging and multi-factor authentication apply account-wide.
If you run a healthcare practice, compliance isn't optional — and it isn't something to leave to chance. Here's an honest, plain-English look at how HIPAA works with Geckonaut.
HIPAA — the Health Insurance Portability and Accountability Act — sets U.S. national standards for protecting patient health information. Two parts apply here: the Privacy Rule, which protects patient information, and the Security Rule, which sets standards for securing electronic patient data.
For a healthcare practice, a Business Associate Agreement (BAA) is the contract that formally extends those obligations to the vendors who handle patient data on the practice's behalf.
The infrastructure Geckonaut builds on offers an optional, account-wide HIPAA compliance package. When enabled, it brings the controls a healthcare practice needs:
An AI voice receptionist creates recordings and transcripts. That's sensitive information, and it deserves the same protection as anything else in your account.
CometConcierge's call recordings, transcripts, and the contact details captured on a call are stored within the same encrypted, access-controlled environment as the rest of your data — not in some separate, less-protected place.
The infrastructure Geckonaut is built on offers an optional, account-wide HIPAA compliance package. It isn't active by default on any account — HIPAA is something that gets deliberately enabled when a healthcare client needs it.
If you run a healthcare practice, the right approach is a conversation: we'll review your specific requirements during onboarding and make sure the appropriate HIPAA package and agreements are in place before any patient data is handled. We'd rather set this up properly with you than make a blanket claim.
A Business Associate Agreement is a contract that formally extends HIPAA obligations to a vendor handling patient data on a healthcare practice's behalf. If you're a covered entity — a healthcare practice — and a vendor will touch patient information, a BAA is part of doing that properly.
A BAA is included as part of the HIPAA compliance package on the platform. We'll handle getting the right agreements in place as part of onboarding a healthcare client.
Data is encrypted at rest under the 256-bit Advanced Encryption Standard — automatically, before it's written to disk, with no setup needed on your part. It's decrypted transparently only when an authorized user reads it. Data moving between systems is protected with TLS encryption.
Encryption keys are managed for you on hardened key-management systems, and each key is itself encrypted under a regularly rotated set of master keys.
Yes. Recordings, transcripts, and contact details from calls are stored in the same encrypted, access-controlled environment as the rest of your account data. When the HIPAA compliance package is enabled, voice recordings are among the data types its safeguards cover.
No. Geckonaut is a fully managed service. We build, deploy, and operate the system for you — which means security settings are configured correctly from the start rather than left as something you have to find and switch on. You don't log into a dashboard or maintain the platform.
It's shared. Under HIPAA, a healthcare practice is the "covered entity" and the vendors handling patient data are "business associates." Fully protecting patient data depends on the right agreements being in place across that chain — and on your practice's own internal compliance practices.
We'll be transparent about exactly what the platform covers and what stays your responsibility, and we'll point you toward qualified compliance consultants when that's the right move. No overpromising.
Let's talk it through. Book a call and we'll walk you through exactly how Geckonaut protects your data — and what compliance looks like for your specific business.