Compliance & Policy

Data Processing Agreement (DPA)

Effective Date: July 07, 2026

This Data Processing Addendum ("DPA") forms part of the master pilot agreements between Veltneon Inc. ("Veltneon") and participating clinical networks or health systems (each a "Client" or "Covered Entity").

1. Background & Scope

In the course of providing clinical decision support through the Auravita platform, Veltneon may process Protected Health Information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA). This DPA defines our data security and privacy commitments.

2. DICOM Image Processing & De-Identification

Veltneon implements a zero-knowledge pipeline for radiology records:

  • Local De-Identification: A Client-side script parses and filters patient demographics from DICOM files before data leaves the hospital subnet.
  • GPU Container Isolation: Anonymized pixel matrices are routed directly to dedicated **NVIDIA H100 Tensor Core GPUs**.
  • Transient Memory Caching: Token outputs are kept in active GPU VRAM during inference and deleted immediately upon callback execution.

3. Business Associate Commitments

Veltneon agrees to:

  • Process PHI only as permitted under the active Business Associate Agreement (BAA) and signed pilot terms.
  • Use appropriate safeguards to prevent unauthorized use or disclosure of PHI.
  • Report to Client any security incident or breach of unsecured PHI within 24 hours of discovery.
  • Ensure that any subcontractors or advisors with access to systems agree to identical privacy constraints.

4. Technical and Administrative Auditing

Client reserves the right to review Veltneon’s hardware container logs and local encryption audits to verify compliance. Such audits are conducted annually and are subject to mutual security clearance protocols.

5. Contact Details

Veltneon Inc.
1150 N Lake Shore Dr, APT 22A
Chicago, IL 60611
Email: dpa@veltneon.com