Lingfaro

Security

Built for institutions already under scrutiny.

Lingfaro works with HIPAA-covered entities, federally funded programs, and state and county agencies. The platform is designed to make their compliance work easier, not to add to it. Documentation and signed agreements are available to your procurement or compliance team on request.

Our posture

Three paragraphs.

Data minimization is the design. The platform's job is dispatch: getting the right interpreter to the right session, on time. Dispatch needs language, modality, time, and location. It does not need patient names, medical record numbers, diagnoses, or clinical content. Our forms are designed so PHI does not enter the platform during ordinary use; clinical context flows to interpreters through your own systems where it belongs.

Documentation is the deliverable. Every confirmed session produces a signed record covering interpreter identity, credentials active at the time of the session, modality, timestamps, and confirmation by both the interpreter and your staff. The record is tamper-evident. Alterations after export are detectable. The format is plain JSON plus PDF, readable by any auditor without specialist tools. If a Joint Commission surveyor, OCR investigator, or CMS reviewer asks for evidence of qualified-interpreter use, the export is one click.

Trust is auditable. Sessions, invoices, and payouts are scoped per role and per organization. Encryption is enforced in transit and at rest. Identity verification is required for all interpreters. We sign Business Associate Agreements with healthcare clients, Data Processing Addendums with state and county agencies, and standard subcontract paperwork with ORR-funded resettlement agencies.

Procurement documentation

What we provide to your compliance team.

On request, we provide:

  • Business Associate Agreement template
  • Data Processing Addendum template
  • Security architecture summary
  • Subprocessors list: identity verification, payments, video, telephony, hosting, observability
  • Penetration test summary (most recent)
  • HIPAA Security Risk Assessment summary
  • SOC 2 status documentation
  • Incident response runbook with breach-notification timelines
  • Workforce HIPAA training program documentation
  • Cyber liability insurance certificate of coverage

For state and county procurement, we respond to standard vendor security questionnaires (SIG, CAIQ, or your agency's template).

What we don't do

The limits of our commercial model.

We don't sell platform data. We don't run behavioral advertising. We don't share session records with third parties. We don't upsell premium tiers that gate basic security features. Our revenue is a transparent platform fee on each completed session. That is the entire commercial model.

Need a BAA or a security review?

We respond to every procurement and compliance inquiry within one business day.

Contact us