Lingfaro

Trust Center

Everything your procurement team asks for, in one place.

Lingfaro works with HIPAA-covered entities, federally funded programs, and state and county agencies. This page consolidates how we protect data, the frameworks we support, and the documentation we provide to your compliance and security teams on request.

How we protect data

Four commitments behind the platform.

Data minimization

Dispatch needs language, modality, time, and location. It does not need patient names, record numbers, or clinical content. Forms are designed to keep sensitive case content out of the platform during ordinary use.

Auditable documentation

Every confirmed session produces a signed, tamper-evident record (interpreter identity, credentials active at the time, modality, timestamps, and two-party confirmation) exportable as plain JSON and PDF.

Scoped access

Sessions, invoices, and payouts are scoped per role and per organization. Encryption is enforced in transit and at rest. Identity verification is required for every interpreter.

Transparent model

We don't sell platform data, run behavioral advertising, or gate basic security behind premium tiers. Revenue is a transparent platform fee on completed sessions.

Explore

Detailed pages.

Security

Our security posture, data handling, and what we provide to compliance teams.

Compliance

The federal and Minnesota language-access frameworks we map to, and what the platform produces for each.

Privacy Policy

What we collect, why, how long we keep it, and who we share it with.

Terms of Service

The rules governing use of the platform by clients and interpreters.

Documentation on request

What we provide to your compliance team.

We respond to procurement and compliance inquiries within one business day, including standard vendor security questionnaires (SIG, CAIQ, or your agency's template). On request, we provide:

  • Business Associate Agreement (BAA) template
  • Data Processing Addendum (DPA) template
  • Security architecture summary
  • Subprocessors list: identity verification, payments, video, telephony, hosting, observability
  • Most recent penetration test summary
  • HIPAA Security Risk Assessment summary
  • SOC 2 status documentation
  • Incident response runbook with breach-notification timelines
  • Workforce HIPAA training program documentation
  • Cyber liability insurance certificate of coverage

Need a BAA, a DPA, or a security review?

Tell us what your procurement process requires and we'll get the right documents to the right people.

Contact us