Security & Compliance

Security you can prove.

You’re trusting WestFax with data that decides outcomes — patient records, financial files, criminal-justice information. We hold the certifications and sign the agreements that let you show your auditors exactly how it’s protected.

End-to-end encryption AES-256 at rest TLS 1.2+ in transit BAA on every plan

The directory

Nine frameworks. One standard of care.

Choose any framework to see how WestFax meets it — and the documentation that backs it up.

How we protect your data

One security foundation under every framework

The certifications differ. The controls underneath them don’t — every fax rides the same encrypted, audited, access-controlled platform.

Transmission security
The highest level of TLS available for data in transit — web, print driver, and API — plus TLS-protected SMTP (RFC 3207) and FTPS/SFTP.
Encryption at rest
AES-256 encryption of fax data at every phase of processing, guarded by Access Control Lists.
Physical security
SOC 2-compliant data centers with 24×7 guards, video surveillance, and biometric control of private-cloud areas.
Access control
Data isolated to a private-cloud environment, with unique user IDs, enforced password complexity, and multi-factor authentication.
Data integrity
End-to-end encryption and signature protocols prevent tampering in transit; every message is archived encrypted.
Audit & monitoring
Internal and external access logs reviewed in real time to detect and prevent security issues.

Questions

Common questions

Still have questions?

Tell us which framework you need to satisfy and we’ll get you the documentation and answers your auditors expect.

Certifications like HITRUST r2, SOC 2 Type II, PCI DSS, and TX‑RAMP are validated by independent third parties. Compliance with HIPAA, GLBA, FERPA, CJIS, and PIPEDA means our platform is built and operated to meet the requirements of a law or mandate. Some frameworks have no certifying body at all — for CJIS, there is no such thing as being “CJIS certified.”

Yes. A BAA is included with every WestFax plan, at no extra cost.

Yes. SOC 2, PCI, and other documentation are available through your account team.

Yes. WestFax offers Canadian-hosted faxing aligned with PIPEDA, PHIPA, and provincial privacy laws, with transmission, processing, and storage kept in-country. See PIPEDA & Canadian residency.