Trust Center
Security and trust at Senior Simple
How we protect the agencies, agents, and Medicare beneficiaries who rely on our platform. Updated as our practices evolve — last reviewed May 2026.
HIPAA compliance
How we treat protected health information.
Senior Simple is built to support the Medicare brokerage workflow, which routinely touches Protected Health Information (PHI). We operate the platform under HIPAA-aligned controls: encrypted transport, encrypted storage, role-based access, audit logging, and a Business Associate Agreement available to agencies on request.
PHI is never sent to third-party large-language-model providers. When AI features process client data, identifying fields are stripped server-side before any external call; linkage stays inside our boundary.
Sub-processors
The vendors we use to deliver the platform.
SOC 2 controls
Where each Trust Services Criteria control stands.
Security contact
Reach us with security questions or to report a vulnerability.
Email security@seniorsimple.io. We acknowledge security reports within one business day and coordinate disclosure with researchers in good faith.
Data residency
Where your data lives.
Customer data is stored in United States regions on Supabase (Postgres + Storage) and served through Vercel's US edge network. We do not replicate customer data outside the United States.
Business Associate Agreement
Available to agency administrators.
Agencies subscribing to Senior Simple can download our standard BAA from an authenticated agency-admin session. The link below will prompt sign-in if you are not already signed in.
Download our Business Associate Agreement
Status and incident history
Recent disruptions and our response.
No incidents reported in the trailing twelve months. A public status page is in development and will be linked here when available.