HIPAA compliance

I’m looking into deploying a model through Gradio spaces that takes images uploaded by the user and outputs some information. The input images may have personally identifying information in the metadata, but we don’t intend to keep the uploaded images in persistent storage (if they’re deleted when the space goes to sleep, that’s fine).

I saw the SOC2 Type 2 certification, but I’m wondering if this also applies to spaces.

Thank you!