Healthcare-grade security isn't optional — it's foundational. Auxtri was built with compliance as a design requirement, not a retrofit.
Key compliance and security facts for IT and security review teams.
BAAs available for covered entities and business associates
In progress through Delve — documentation available on request
US data centers with 99.9% uptime SLA
We never process or store PHI — only AP financial records
AES-256 at rest, TLS 1.2+ in transit across all data pathways
Architecture explicitly scoped to exclude patient health information
Identity management through Entra ID, the standard for healthcare enterprise identity
SAML 2.0 SSO supported — no separate credential management required
All services deployed within a private Azure VNet — no public-facing internal endpoints
Granular RBAC follows least privilege — users see only what their role requires
Multi-factor authentication enforced for all administrator and privileged access
Every data access logged with timestamp, user context, and query scope
Auxtri's data model is deliberately narrow — we only process what AP automation requires.
Auxtri connects to your ERP with read-only access to AP financial records. It does not connect to clinical systems, EHRs, or any systems that contain PHI.
Auxtri's ERP integration is designed to be the least-privileged connection possible.
Auxtri connects to your ERP with read-only credentials scoped to AP invoice and payment data. No write access is required or granted.
All ERP data retrieval uses structured API calls or parameterized queries. No raw SQL or unstructured data access.
Vendor email content is processed by Auxtri's AI layer and never passed directly to your ERP. Data flows are strictly controlled.
Every ERP data access is logged with timestamp, user context, and query scope. Logs are retained and available for security review.
Our team is happy to answer security and compliance questions, provide documentation, or connect you with our security review resources.