Skip to main content
HASP is the regulated-AI substrate — the identity, policy, audit, compliance, and PHI-handling layer for AI in regulated industries. The substrate is what you buy; the surfaces below are how you consume it.

What the substrate is

The substrate is a single, coherent layer that sits between compliance infrastructure and your end-user product. It comprises five HASP-owned components:
ComponentWhat it does
IdentityNames who is making each AI call — a user, an API key, or an agent acting under delegated authority — with what scope and what revocation-eligibility.
PolicyEnforces compliance constraints before an action is taken: BAA verification, feature allowlisting, credit pre-flight, PHI mode resolution, and pre-action tool authorization. Failure is fail-closed.
AuditProduces tamper-resistant, cryptographically verifiable evidence of what every caller did, on whose authority, and with what result. See Audit Chain.
Compliance postureSatisfies regulated-buyer procurement requirements with one control set spanning multiple frameworks. See Compliance Posture.
PHI handlingDe-identifies content before inference and re-identifies on response — HASP-owned, built on Microsoft Presidio with healthcare-specific recognizers. See BAA Structure.
All five components are built and operated by HASP. The substrate itself is never a pricing lever — it is the floor at every paid tier and in the Free Evaluation.

Who it’s for

HASP serves the regulated-AI market, healthcare-led, with adjacent regulated verticals — legal and financial services — following on the same substrate. Customers who don’t process PHI use the full platform identically; PHI handling is a universal capability, not a vertical-specific add-on.

Four consumption surfaces

The substrate is reachable through four surfaces. Each is a way to consume the substrate, not a separate product with its own roadmap:

Assistant

Compliant chat for individuals and teams.

Studio

Internal-app builder for bespoke tools that handle PHI without dev work.

Public API

Programmatic inference, identity, policy, and audit.

Agent SDK

Issued, scoped, revocable, audited agent credentials — a client of the Public API.
Every surface rides the same substrate. The same compliance posture, the same audit chain, and the same PHI handling apply regardless of which surface a call enters through. Tier differences are operational — rate limits, allotments, SLA, governance depth — never access to the substrate or its controls.

Where to go next

Compliance Posture

How one control set satisfies multiple frameworks at once.

Audit Chain

Tamper-resistant, independently verifiable audit evidence.

BAA Structure

The customer BAA and the provider chain that backs PHI handling.

AI API Quickstart

Make your first compliant inference call.