Skip to content

Security

Security is not a feature — it is a property of the system. Here is how we approach it.

Our Approach

No PHI storage.

Pidgeon generates and works with synthetic data only. We do not store, process, or transmit real protected health information. The product is designed from the ground up so that PHI never needs to enter the system.

On-device processing.

De-identification, message parsing, and validation all run locally on your machine. If you use the CLI to de-identify a batch of messages, that data never leaves your environment. We cannot see it because we never receive it.

Bring your own key.

AI features in Pro and Enterprise tiers use BYOK — you supply your own API key for OpenAI, Anthropic, or Ollama. We never hold or proxy your AI credentials. Your messages go directly from your machine to your AI provider.

Infrastructure

The Pidgeon website and Console are hosted on Vercel, with CDN and DDoS protection via Cloudflare. All traffic is encrypted in transit using TLS 1.3.

Authentication is handled by Supabase with OAuth support for Google, Microsoft, and GitHub. We do not store passwords directly.

Subscription billing is processed by Stripe. We do not store payment card information on our servers — all payment data is handled by Stripe's PCI-compliant infrastructure.

Responsible Disclosure

If you discover a security vulnerability in Pidgeon — whether in the CLI, the Console, or the website — we want to know. Please report it responsibly before disclosing publicly.

Send vulnerability reports to security@pidgeon.health. Include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce
  • Any proof-of-concept code or screenshots if relevant

We will acknowledge receipt within 48 hours and work to address valid reports promptly. We appreciate researchers who give us reasonable time to patch before public disclosure.

Compliance

HIPAA

Because Pidgeon works exclusively with synthetic data, it does not function as a covered entity or business associate under HIPAA in typical use. The product is designed so that real PHI never enters the pipeline. If you use Pidgeon's de-identification features on real patient data in an enterprise context, contact us to discuss appropriate data handling agreements.

SOC 2

SOC 2 Type II certification is planned as we scale toward enterprise deployments. Enterprise customers with compliance requirements should contact enterprise@pidgeonhealth.com to discuss their specific needs.