One place for every governance, privacy, and trust document. Because shteg.ai is a registered HIPAA clearinghouse — and therefore a covered entity — these documents are framed to that obligation, not to a general consumer-SaaS posture. The formal versions are in preparation with counsel: each legal document below is a clearly-marked draft and carries no binding effective date until its banner is removed.
How the platform, product, and clearinghouse services are governed, and how data is contracted between us.
What using the shteg.ai platform, the ShtegMed product, and the clearinghouse services will govern — including the boundaries of the honest register.
How personal data and protected health information are intended to be handled, framed to the HIPAA clearinghouse obligation.
The processing terms that will accompany the customer agreement — roles, instructions, and subprocessor governance.
The covered-entity / business-associate terms for PHI. Integrations that would touch PHI without a BAA in place fail closed.
The limits on use of the clinical, clearinghouse, and money-movement functions — misuse prohibitions stated plainly.
The documents that carry the covered-entity posture — who processes PHI, under what notice, and with which vendors.
The notice describing how protected health information would be used and disclosed, and the rights that attach to it.
The real vendors in the stack — each listed with its role and status (active, sandbox, being-removed, or gated). No invented names.
The architecture behind the posture — the hash-chained WORM ledger, the settlement gate, edge auth — and the honest verified-green vs. gated register.
How the site treats visitors, how it reaches everyone, how to report a flaw, and how to see current state.
What the marketing site sets in the browser and why — kept minimal and separate from any PHI handling.
Our commitment to an accessible surface, the standard we build toward, and how to flag a barrier you hit.
How to report a security vulnerability, what to expect in response, and the safe-harbor intent for good-faith research.
Current operational state, kept in the same honest register — capability described as capability, never as traction.
No real dollar has moved. No real PHI has flowed.
What is real: the architecture — hash-chained ledger, settlement gate, and reconciliation waterfall, tested in code at HEAD — the Type-2 organizational NPI and registered HIPAA clearinghouse identity, and the doctrine. We register capability as capability, never as traction.