You sign with a Texas company — your code is yours.
What you (and your lawyer) need before signing: who you contract with, who owns what, and how you’re protected under U.S. law.
Who you sign with
iTech Dev Corp — a U.S. entity in Laredo, Texas (6999 McPherson Rd, Suite 107, 78041; EIN 30-1492165). It’s a Corp, not an LLC. Your contract and legal relationship are with this company, under Texas law.
Your intellectual property
The custom work you pay for is assigned to you (work-for-hire) under U.S. law upon payment. Even though our team in Mexico writes the code, the assignment protects you within U.S. jurisdiction.
Clear contracts
Mutual NDA before we start, an MSA that defines the relationship, and a SOW per project with scope, phases and price in USD. No “that wasn’t included.”
Your data
Data handling aligned to CCPA, a DPA signed when needed, and access control. We don’t sell data.
On certifications: we tell you straight.
We hold CMMI Level 2, mature processes and NDA/access control. We do NOT have SOC 2 or ISO 27001 — and we won’t claim what isn’t true. If your industry requires it (healthcare/HIPAA, etc.), we’ll tell you exactly where we stand and how we handle it.
Healthcare, sensitive data and compliance — without promises we can’t keep
If you handle health data or sensitive information, you deserve to know exactly where we stand. Here’s what we DO today — and what we still do NOT.
What we DO
A mutual NDA before we touch anything, a BAA when applicable for PHI handling, role-based access control, least-privilege principle, access logging and CCPA-aligned data handling. We work on your cloud or one we define with you, with encryption in transit and at rest.
What we do NOT have yet
We don’t have SOC 2 or our own HIPAA certification yet. Signing a BAA and handling PHI with controls is NOT the same as being “HIPAA certified” — and we won’t present it that way. If your project requires a formal attestation (SOC 2, HITRUST, a HIPAA audit), we’ll tell you straight and figure out how to cover it with you or a third party.
Healthcare & clinics
For clinical workflows with PHI we start from a BAA, data segmentation, auditable access and a DPA when third parties are involved. We design the architecture to minimize the PHI surface from day one — we don’t patch it later.
Honesty about our cases
We have a case in the healthcare sector, VB Medical, but let’s be clear: it’s an orders and warehouse system — logistics, not a clinical or medical-records system handling PHI under HIPAA. We don’t present it as clinical/HIPAA experience because it isn’t. We’d rather tell you the true scope than inflate a case.
The rule we don’t break.
We will never claim we’re “HIPAA certified” nor sell a logistics case as if it were clinical capability. If what you need requires something we don’t have yet, we tell you before you sign — not after.