Skip to main content

Trust

Trust is verified, not promised.

Every certification we hold or are working toward. Every patent we've filed and the non-assertion covenants attached. Every audit letter once it lands. Every dollar moved through the network. Every uptime second of every system. All of it lives on these pages — public, cryptographically signed, continuously updated. Trust at this company is a function of receipts, not adjectives.

Four pillars

How a Conceptual Health® claim earns the right to stand.

Every assertion you read on a Conceptual Health® page is anchored in one of four pillars. If a claim doesn't fit into one of them, it doesn't ship. If a claim does fit but the receipt isn't ready, we say so out loud.

Third-party attestations

Independent auditors. Signed letters.

SOC 2 Type II. HIPAA. HITRUST CSF r2. ISO 27001. CMMC L2. Each one moves from "architected" to "engagement" to "signed letter" on the attestations page, with date stamps and the firm's name when the letter is in hand.

Operational telemetry

Numbers, not narratives.

Uptime, incident count, breach count, AI override count, government-request count. Read live on the Proof index; aggregated quarterly in the Transparency Report. Source data is HMAC-chained — see the chains catalog.

Legal documents

Plain English, real signatures.

The full Terms, Privacy Policy, HIPAA NPP, BAA template, DPA, and patent non-assertion pledge. Each in plain English. Each previewed 30 days before a material change.

Open materials

The math is in your hands.

The technical whitepaper. The Master Equation reference implementation. The 55 IP disclosures (CH-IP-001 through CH-IP-055), hash-anchored to the Conceptual Chain under 35 U.S.C. § 102(b)(1). The HCR & HCC token posture. Read it, run it, falsify it.

Receipts

The accountability surface.

Three numbers we publish today, with nowhere to hide as the company grows. 0 active third-party-signed certifications (5 architected). 0 production incidents (pre-launch). 1 patent filed: U.S. Provisional 63/921,717.

Three standing promises

Constitutional, not aspirational.

We will never sell patient data (requires unanimous board + 67% patient-representative seats to even attempt). We will never charge patients for the patient app. We will never lock data — FHIR R4 export available in one click, always.

The pages

Every page is its own surface of receipts.

Whitepaper

The 64-page technical paper. Eight axes, two coins, one chain. Master Equation derivation, dual-coin mechanics, settlement protocol, identity model, security architecture.

Attestations

The control program registry. Every standard, its scope, its owner, where it stands today, what document a regulator can pull. Honest about which letters are signed and which are pending engagement.

HCR & HCC posture

What we believe about token classification. What we're confirming with counsel. What we explicitly don't claim. CFTC, SEC, FinCEN, IRS, FLSA — each one analyzed in plain language.

Transparency Report

Quarterly: government data requests, notifiable breaches, AI overrides, content-moderation actions, platform uptime. Pre-launch quarters are zeroes — that's a feature, not a placeholder.

Bug-Mining Program

5,000,000 HCC seeded treasury, 3-of-5 multi-sig governance. Critical findings pay 5,000–10,000 HCC. Every payout is published with the finding, the fix, and the timeline.

Patents

The patent posture, the non-assertion covenant for under-served care, and the 55 IP disclosures with their chain-anchored timestamps. Defensive filings only.

Identity stack

Every Conceptual Health login, from the factor model to the audit chain. Passkey-first, hardware-backed, NIST-aligned by role, crypto-agile, every event chain-stamped. Architecture, algorithms, and receipts published openly — plus a published roadmap of what’s in development next (private authentication, sovereign DNS, hardware-attested device addressing).

Compliance posture, live

Real-time scores across 18 regulatory frameworks, measured against the running system every fifteen minutes and chain-stamped with HMAC-SHA3-512. The page refreshes every sixty seconds. Nothing is hand-written — what you see is what the system measures right now, across every server in the fleet.

Privacy Officer

Who to contact about your privacy, how to exercise your HIPAA rights, and how to report a concern or suspected breach — plus your right to file with HHS Office for Civil Rights. Conceptual Health has a designated Privacy Officer and Security Official.

CHTR-P1 protocol DRAFT

Open specification for healthcare-grade master-key custody. Hardware-attested WebAuthn, 3-of-5 Shamir, every step chain-stamped. Other healthcare networks welcome to adopt — Apache-2.0 implementation, CC BY-SA 4.0 spec.

SLA on this page

Incidents posted within seven days of first paying clinic.

Pre-launch, this page is a future-tense statement. Post-launch, it becomes the public ledger of every incident, every attestation, every government request. The clock on the seven-day disclosure SLA starts the day the first paying clinic comes online.

Spot something wrong, missing, or hand-wavy? Write security@conceptualhealth.com. Trust bugs get the same priority as code bugs.