Trust Center
CareLumi is committed to protecting your data with enterprise-grade security. Here's how we handle compliance, security controls, and privacy.
Why generic LLMs and AI agents can't solve credentialing and compliance alone, see Why CARL
Company information
AI safety and oversight
CARL is a regulated AI engine. It operates with safeguards, expert oversight, and a full audit trail on every decision.
Agentic safeguards
CARL operates with guardrails on every automated action, so credentialing decisions stay within defined, reviewable boundaries.
Technical AI-safety controls
The engine is built and reviewed against AI-safety controls appropriate for a regulated healthcare environment.
Expert review
Credentialing experts evaluate CARL's output and handle the toughest, highest-stakes cases.
Auditability
Every credentialing decision is logged, rule-verified, and reviewable, defensible for committees and auditors.
Regulatory currency
CARL is continuously updated as federal, state, and payer rules change.
Standardization and reliability
One consistent standard across payers and states, because the system gates payment and patient care.
Certifications and frameworks we adhere to
HIPAA
CareLumi maintains full HIPAA compliance. We execute Business Associate Agreements with all customers.
SOC 2 Type I + Type II
Our SOC 2 Type I and Type II certifications provide independent verification of our security controls and operational practices.
Business Associate Agreement
BAAs are available for all customers. Our standard agreement covers all HIPAA requirements.
How we protect your data
Security documentation and policies
Privacy Policy
How we collect, use, and protect your personal information.
Master Service Agreement
Our standard MSA governing the terms of service for CareLumi customers.
Business Associate Agreement
Standard BAA for customers requiring HIPAA compliance coverage.
Data Processing Agreement
Terms governing how we process data on your behalf.
CareLumi commits to 99% monthly uptimefor the platform during your subscription period. "Available" means the platform is accessible and core functionality, provider roster, verification workflows, payer enrollment tracking, and login, is operational. Degraded performance of non-essential features does not constitute unavailability.
How uptime is measured
Service credits
If we fail to meet our uptime commitment, you're eligible for service credits applied to your next invoice.
| Monthly uptime | Service credit |
|---|---|
| 98.0% – 98.99% | 10% of monthly fee |
| 95.0% – 97.99% | 20% of monthly fee |
| Below 95.0% | 30% of monthly fee |
Maximum credit: 30% of your monthly fee per incident month.
How to request credits
- Email support@carelumi.com within 60 days of the affected month.
- Include your account name and the dates and times of the outage.
- We verify and apply credits to your next invoice within 15 business days.
What does not count as downtime
- Scheduled maintenance announced at least 24 hours in advance via email or our status page.
- Third-party services outages from cloud providers (GCP), identity providers, or integrations outside our control.
- Customer-caused issues misconfiguration, exceeding usage limits, or actions that degrade your instance.
- Force majeure natural disasters, government actions, or other events beyond reasonable control.
- Beta features any feature explicitly labeled beta or preview.
Our commitment
We monitor our systems 24/7 and communicate proactively when incidents occur, publishing post-incident reviews for significant outages. Service credits are your sole and exclusive remedy for any failure to meet this SLA. This SLA does not modify or replace any other terms in your subscription agreement.
