Frequently asked questions.
Pulled from real operator conversations. If we missed yours, run the audit and tell us in the email reply thread.
Is AFC Home Automation HIPAA-compliant?
Yes. We enforce HIPAA Security Rule controls: encryption at rest with AES-256-GCM, row-level security (RLS) on every PHI table, append-only audit logging, and BAAs with every subprocessor. Production deployment is gated by signed BAAs with Supabase, GCP, and other vendors.
Do you sign a BAA?
Yes. We sign Business Associate Agreements with every facility on a paid plan. We also sign BAAs with our subprocessors (Supabase, GCP, Postmark, DocuSeal, Anthropic, Sentry). Enterprise customers can request paper BAAs.
Will my data leave Michigan?
Your tenant data is stored in US data centers operated under our subprocessor BAAs. We do not transfer PHI outside the US. RAG-grounded AI assistant queries send field names only — never resident PHI — to Anthropic.
What happens if I cancel?
You can cancel any month. We retain your data for 30 days post-cancellation so you can re-activate or export it. After 30 days, data is purged in accordance with our retention policy, which applies a 6-year HIPAA retention period to relevant audit records.
Can I migrate my paper records in?
Yes. Starter and Practice plans include data-import templates for residents, medications, and BCHS form metadata. Enterprise plans include a dedicated migration engineer.
Does this work if I'm not on DWIHN?
Yes. DWIHN/CMH conditional rules only fire when a resident has the `is_cmh_member` flag set. If your home does not contract with DWIHN/CMH, those rules and forms remain dormant.
How is this different from the BCHS forms PDFs I already have?
Our forms are auto-populated from your resident and facility records, regenerate when relevant data changes (the `is_dirty` flag), and bind cleanly to e-signature flows. PDFs are static; our forms are part of the system of record.
Will Anthropic / Claude see resident PHI?
No. Our RAG AI assistant sends field names and rule citations only. Resident PHI never leaves your tenant database. We document this boundary in our HIPAA controls and threat model.
What's the status page?
A public uptime and incident page is on the v1 roadmap. Until then, paid customers receive incident communication via email and the in-app notifications system.
Are you hiring?
Yes — we're growing the engineering and clinical-operations team. Email careers@yourafchome.com with a paragraph about your AFC or HIPAA-grade SaaS background.
How do you handle accessibility?
Our public marketing surface targets WCAG 2.2 AA. Interactive elements meet 44×44 touch targets, every form input has a visible label and screen-reader-friendly error messaging, and we honor `prefers-reduced-motion`. The accessibility statement is published as part of our compliance documentation rollout.