Organized by who's asking. Forward this URL to your IT/security/MLR/procurement team, every question they're about to ask, with the answer, in one scannable page.
Different people ask different questions. The four sections below mirror the four most common reviewer types, security, commercial, product, and Veeva-specific. Each answer is the same one we'd give on a call, the same one in our SOW, the same one your security team gets from us in writing.
OVYN as a company is not yet SOC 2 certified, we're a small studio. The underlying infrastructure providers we run on all hold SOC 2 Type 2 certifications. Full subprocessor disclosure with each provider's certification status is on the /trust page. We follow HITRUST-aligned data-handling practices. If the client requires OVYN-level SOC 2 as a deal condition, we can initiate the formal Type 1 process within 30 days, typical 3–4 months to certification.
We're not a covered entity under HIPAA because no PHI enters our system. Patient data stays inside your Veeva environment. What we receive is de-identified aggregate analytics, minimum cohort of 25, no patient-level records, 14 aggregate fields max. So technically you don't need a BAA with us, there's no PHI for the BAA to govern. We're happy to sign a DPA and walk your privacy team through the architecture.
All US-based hosting (us-east-1). Vercel for the web app + APIs, Anthropic for AI inference, Resend for transactional email, Turso for operational database. No data leaves the US unless you specifically request EU regions for compliance reasons.
No. Our LLM vendor's enterprise terms, which we operate under, explicitly prohibit using customer prompts or completions to train the foundation model. Same for any data you share with us. Your claims library, performance data, ISI rules, generated outputs, none of it goes into a training set. Ever. This is in our SOW.
Anthropic (AI inference), Vercel (hosting), Resend (transactional email), Turso (operational database). All US-based, all SOC 2 certified or pursuing. We disclose them up front, not on request. New subprocessors require 30 days advance notice and your right to object.
HITRUST-aligned, not certified. HITRUST certification takes about a year and costs ~$150K, for a studio our size it's overkill on day one. The 'aligned' framing means our data-handling controls map to HITRUST principles, which is what most boutique vendors say. The infrastructure underneath us is SOC 2 certified.
21 CFR Part 11 governs electronic records and signatures for FDA-regulated systems, primarily clinical and manufacturing. It applies to your Veeva instance because Veeva is your regulated content repository. OVYN sits beside it; the moment content leaves us and lands in PromoMats, your Part 11 controls take over. We don't claim Part 11 compliance ourselves because the regulated record-of-truth is Veeva.
Documented runbook with <4 hour notification SLA on confirmed breach. Quarterly tabletop exercises. Continuous SAST/DAST in CI. Annual third-party pen test scheduled for Q3 2026. Audit logs are immutable, append-only, exportable on request.
Yes. Standard CCPA/GDPR-compliant template available on request. Routes to trust@ephicacyhealth.com with typical <1 business day turnaround.
Three tiers. Tier 1 (Strategy + Creative) starts at $25K setup + $18K/month. Tier 2 (adds MLR + production) at $40K + $32K/month. Tier 3 (full content engine + performance loop) at $65K + $52K/month. We can quote precisely once we understand cycle volume, typically that scoping happens after the 48-hour pilot.
Roughly half. Industry benchmark for full DTC creative is ~$84K/quarter for a single indication. Tier 2 is ~$32K/month for the same throughput. The savings come from AI on the production layer, not from cutting strategy or compliance corners. We don't replace those agencies, we sit alongside, focused on production. Many of our prospects keep their full-service partner for strategy and use us for the content engine.
Six weeks from contract execution. Week 1 = scope and kickoff. Weeks 2–4 = configure your brand brain, load claims library + ISI + voice rules, build the Veeva connector in sandbox. Week 5 = validation with your team. Week 6 = first content moves through your MLR queue. Or skip the build and submit a brief on day one, we deliver 12 MLR-scored versions in 48 hours via the pilot.
Your data stays your data. We provide a full export, claims library, brand brain configuration, Veeva metadata, performance archive, audit log, and we don't retain any of it after offboarding. Standard 30-day wind-down clause in the contract. No early-termination penalty after Month 6.
Yes, and it's free for first engagement. Submit a brief at /pilot. We deliver 8–12 MLR-risk-scored versions in 48 hours, citation-tagged to public claim sources for your indication. Zero commitment after delivery. The work goes in your archive whether or not you sign.
OVYN focuses on AI content for pharma + health-and-wellness. Yes, we work across verticals, wellness, longevity, pharma, food and beverage, but each engagement is run as a dedicated team. Your engagement is staffed by people who know pharma, not a generalist studio.
A frontier LLM partner under contract that prohibits training on customer data, in writing. We picked the vendor for two reasons: their data-handling posture and their long-context retrieval performance, important when the model has to read your entire claims library before producing an execution. Vendor and version named in the MSA, not on the marketing site.
Two layers. First. RAG (retrieval-augmented generation): every claim has to be retrievable from your approved claims library, with citation. The model can't make up a stat. Second, the compliance rail validates every claim against the source. If the citation pointer doesn't resolve to a real, in-scope, current claim, the version gets flagged. And ultimately MLR is still the gate, we don't ship anything to channel without an MLR-approved record.
No, and you don't want one. Custom LLM training is a multi-million-dollar infrastructure project that gets stale the moment a new foundation model ships. What we do is configure a foundation model with your specific context, your claims library, ISI, brand voice, audience personas, FDA guardrails. Same model, different inputs. Industry term is RAG with brand-specific instructions. Effect from your perspective is 'your brand's AI'; cost and maintainability are dramatically better than a custom-trained model.
Not its own LLM. The brand is encoded as four layers on top of a foundation model. A1: essence anchor. The brand's identity statement (thesis, story, truths, anti-positioning, tells) is injected at the top of every prompt. A2: brand corpus. 50 to 500+ pieces of the brand's actual writing, indexed semantically. Every generation retrieves the most relevant precedents. A3: brand-fit identity scoring. Every execution is scored 0-100 on how closely it reads as this brand specifically. Hard floor at 60. A4: adaptive per-brand model. Every approved execution auto-promotes into the brand's precedent library. Top-K precedents retrieved at inference time as match-this-voice anchors. The adapter sharpens with every approval. no retrain cycle, fully citable in the audit drawer. The result: the model behaves like an in-house team that has been writing for this brand for years, and you can show MLR exactly which approved pieces shaped each output.
The adapter is live from day one. Every approved or edited execution at /admin/generations auto-promotes into the brand's precedent library. At inference time, the top approved precedents are retrieved and injected as match-this-voice anchors. No retrain cycle, no waiting. The next generation reflects the latest approval. Costs nothing per inference beyond the foundation model call. See it run base vs adaptive side by side at /methodology/adapter-compare.
Compliance asks 'is this allowed to ship?': checking forbidden phrases, regulatory rules, MLR conventions. Brand-fit asks 'does this read like the brand?': checking voice, cadence, vocabulary against the brand corpus and essence. The two run independently. An execution can pass compliance and fail brand-fit (rule-clean but generic). An execution can pass brand-fit and fail compliance (recognizably on-brand but a forbidden phrase snuck in). Both surface in the audit drawer, with brand-fit on a 0-100 scale (hard floor at 60).
Standing instructions running on every generation. OPDP guidance encoded as rules, fair-balance proximity, comparative-claim restrictions, outcome-guarantee prohibitions, off-label scope, ISI requirements. Plus your brand-specific rules, voice, forbidden phrases, named-physician requirements. Each output gets a risk score. Above threshold, it's flagged with an auto-rewrite suggestion before MLR sees it. Doesn't replace MLR, it cleans up what would otherwise eat MLR's time.
Two layers catch it. First, every claim has to be retrievable from your approved claims library, with citation. Second, the compliance rail validates every claim against the source. If the citation pointer doesn't resolve, it's flagged. And ultimately MLR is still the gate. We make MLR faster; we don't bypass MLR.
Off-label is a hard rule. Every efficacy mention has to tie to FDA-approved indication only. The rail blocks generations that imply use beyond approved indications. If the engine produces something off-label-adjacent, it's flagged at the highest severity. Your medical reviewer is still the final read.
PromoMats for compliance archive (every approved execution lands there with metadata). Veeva CRM for HCP engagement signal (de-identified, aggregate, fed back into our performance loop). Veeva CRM Approved Email for the field rep template library. Three products, covering DTC content workflow end-to-end. We can extend to RIM if regulatory needs visibility.
OAuth 2.0 against your Veeva sandbox first. We map about 28 metadata fields to PromoMats, audience, indication, channels deployed, expiration. Validation cycle in your sandbox before any production data. Typical build window is 4–6 weeks during onboarding.
No. Veeva stays your system of record. We sit alongside it, our outputs flow into your existing PromoMats workflow as a structured submission package. Your MLR team uses Veeva exactly the way they do today.
Your media agency does. CMI, Real Chemistry, whoever's on retainer. We don't buy media. We hand off MLR-approved files + spec sheets through their preferred portal, then pull their raw performance data back via API so the same dashboard shows social + email + media-agency numbers in one view. The connection is hourly, so you don't get the report-discrepancy problem where your platform numbers and your agency numbers drift apart.
Social paid + organic (Meta, Instagram, TikTok, LinkedIn, Reddit). Email through Salesforce Marketing Cloud. Owned web through your CMS API (e.g., Compound DT-204.com). Programmatic, video paid, search go to your media agency.