Trust Center

Northwoods takes privacy obligations and the protection of your information seriously.
You can learn more about Northwoods privacy practices in our Privacy Policies.

Northwoods has undergone a Service Organization Controls audit (SOC 2 Type 2). Please contact legal@teamnorthwoods.com to request Northwoods’ most recent report.

Key Security
Features

Highly available solution monitored 24/7

Hosted on AWS using only FedRAMP & HIPAA-compliant services

Each customer instance is provisioned separately to isolate customer data

Data is encrypted in transit via HTTPS TLS 1.2 and (AES) 256-bit when at rest

Communication occurs over secured RESTful Web Services architecture

Mobile data resides in isolated application storage and is not available to other apps

FAQs

Where is our data stored?

All customer data is stored in the United States.

How long do you keep our data?

All data is retained for the duration of your subscription. Northwoods provides your data back to you at the end of your subscription,
and all of your data is deleted from our systems in accordance with our subscription terms and security policies.

Would you sign a Business Associate Agreement with us?

Yes.

Do you have cybersecurity insurance?

Yes.

Do you have Single Sign-On and MFA authentication?

Yes. Traverse can integrate with the most common single sign-on providers, and MFA is supported by those providers.

Is data encrypted in transit and at rest?

Yes. All application and customer data is encrypted in transit and at rest.

Do you do vulnerability and penetration testing?

The Northwoods development pipeline includes automated vulnerability tests to ensure all code changes are secure, and Northwoods undergoes third party penetration testing annually.

Do you perform background checks on employees and contractors?

New employees and contractors in our organization are subjected to a background and reference check prior to joining the organization.

Does Northwoods maintain any certifications?

Northwoods is SOC 2 certified and uses the SSAE 18 and HIPAA security and privacy frameworks to create our internal policies and controls for operating our systems.

Do you train AI models on customer data?

No. Neither Northwoods nor our AI sub-processor (AWS Bedrock) trains AI models on customer data.

Responsible AI Statement

At Northwoods, we are committed to designing and deploying artificial intelligence (AI) technologies that support and empower
Health and Human Services professionals while prioritizing the well-being of individuals and communities.

Our principles for Responsible AI include:

Equity and Fairness

We strive to ensure that our AI systems are free from bias, promoting equitable access and outcomes for all users, regardless of background, demographics, or circumstances.

Privacy and Security

We uphold strict privacy standards and safeguard sensitive personal data. Our AI solutions are built with robust security measures to protect client information and maintain trust using HIPAA compliant and FedRAMP authorized services.

Transparency and Accountability

We design our AI systems to be transparent and explainable, enabling users to understand why we are surfacing specific data. We hold ourselves accountable for the ethical use of AI in our products.

Human-Centered Design

Our AI enhances, not replaces, the expertise of Health and Human Services professionals. We focus on augmenting human decision-making by providing data insights that are accurate, actionable, and relevant.

Continuous Improvement

We actively monitor and refine our AI systems, incorporating feedback from users and stakeholders to ensure our technologies evolve responsibly and ethically.

Compliance and Safety

We adhere to applicable laws, regulations, and ethical guidelines, particularly in the sensitive domains of health and human services. Safety and well-being are at the core of our AI solutions.

Through these principles, we aim to build trust and deliver meaningful solutions that empower professionals to
better serve their communities.