Mission Valley
Security & Compliance

Built for healthcare from day one.

HIPAA-compliant infrastructure with AES-256 encryption, tamper-evident audit logs, and role-based access control, architected in from day one rather than added later.

Security Overview
AES-256
Encryption at rest
SHA-256
Audit hash chain
MFA
Enforced for staff
RBAC
Clinic-scoped
HIPAA compliant

Security at every layer

AES-256-GCM Encryption

All PHI is encrypted at rest with AES-256-GCM, an authenticated mode that detects modified ciphertext as well as hiding its contents. Field-level encryption in Prisma middleware encrypts sensitive fields before they reach the database, so they are never stored in plaintext. Key rotation is supported.

Tamper-Evident Audit Logs

Append-only audit trail linked by a SHA-256 hash chain, so that modification, deletion or reordering of earlier entries is detected on verification. Six-year retention policy with automatic archival to S3 Glacier for long-term compliance.

Multi-Factor Authentication

TOTP-based MFA with one-time backup codes for all staff accounts. Step-up multi-factor authentication is required for sensitive operations such as PHI export and account changes.

Role-Based Access Control

Patient, staff, and admin roles with granular permissions. Clinic-scoped multi-tenancy ensures each practice sees only its own data.
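An added example of an authorization check that enforces the clinic boundary before the role check, written for this page and not Mission Valley's own RBAC code. The permission table, the action names, the actor and resource shapes and the `scopedWhere` query helper are all assumptions for illustration.

```javascript
// Added example: role check plus tenant (clinic) scoping.
// Not Mission Valley's code; permission table and object shapes are assumed.

// Role -> allowed actions (assumed). Unknown roles get nothing: deny by default.
const PERMISSIONS = {
  patient: new Set(['record:read']), // further limited to the patient's own record below
  staff: new Set(['record:read', 'record:write', 'appointment:manage']),
  admin: new Set(['record:read', 'record:write', 'appointment:manage', 'user:manage', 'phi:export']),
};

// actor:    { id, role, clinicId }
// resource: { type, id, clinicId, patientId? }
function authorize(actor, action, resource) {
  // 1. Tenant boundary first. No role, admin included, crosses a clinic boundary.
  if (!actor.clinicId || actor.clinicId !== resource.clinicId) {
    return { allowed: false, reason: 'resource belongs to another clinic' };
  }
  // 2. Role permission.
  const perms = PERMISSIONS[actor.role];
  if (!perms || !perms.has(action)) {
    return { allowed: false, reason: `role '${actor.role}' lacks permission '${action}'` };
  }
  // 3. Ownership: patients only ever see their own record.
  if (actor.role === 'patient' && !(resource.type === 'record' && resource.patientId === actor.id)) {
    return { allowed: false, reason: 'patients may only access their own record' };
  }
  return { allowed: true };
}

// Data-layer belt and braces: every query carries the actor's clinicId, added
// last so a caller-supplied filter cannot override it. A forgotten authorize()
// call then still cannot return another clinic's rows.
function scopedWhere(actor, where = {}) {
  if (!actor.clinicId) throw new Error('actor is not bound to a clinic');
  return { ...where, clinicId: actor.clinicId };
}

module.exports = { authorize, scopedWhere, PERMISSIONS };
```

The ordering is deliberate: checking the role first and the clinic second invites the classic multi-tenant bug where a correctly privileged user reaches a record by guessing another clinic's identifier. Putting the tenant check first, and repeating it in the query layer, means the role table never has to be consulted for data the actor could not see anyway.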

Session Security

15-minute idle timeout with automatic session termination. Revoked JWTs are held in a Redis-backed blacklist so a terminated session cannot be reused before the token expires. Re-authentication is required for sensitive operations.
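An added example of the session rules above applied to bearer-token claims, written for this page and not Mission Valley's own session code. It assumes the JWT signature has already been verified upstream, that the claims carry standard `jti`/`iat`/`exp` plus an `auth_time` claim, and it stands in for Redis with an in-memory map; the five-minute freshness window for sensitive operations is an assumption, only the 15-minute idle timeout comes from the page.

```javascript
// Added example: idle timeout, TTL-bounded JWT revocation and step-up freshness.
// Not Mission Valley's code; claim names, stores and the step-up window are assumed.
const IDLE_TIMEOUT_S = 15 * 60;   // stated on the page
const STEP_UP_MAX_AGE_S = 5 * 60; // assumed: how recent auth_time must be for sensitive operations

// Stand-in for a Redis blacklist (SET <jti> 1 EX <ttl>). The entry only needs to
// live until the token's own exp, after which the token is rejected anyway, so
// the list stays bounded by the number of tokens revoked per token lifetime.
class RevocationList {
  constructor() { this.entries = new Map(); } // jti -> unix time the entry expires
  revoke(claims, now) {
    const ttl = claims.exp - now;
    if (ttl > 0) this.entries.set(claims.jti, now + ttl);
  }
  isRevoked(jti, now) {
    const exp = this.entries.get(jti);
    if (exp === undefined) return false;
    if (exp <= now) { this.entries.delete(jti); return false; } // Redis would have evicted it
    return true;
  }
}

// Server-side activity table: jti -> time of last accepted request (assumed store).
class SessionTracker {
  constructor(revocations) {
    this.revocations = revocations;
    this.lastSeen = new Map();
  }

  // Returns { ok: true } or { ok: false, reason }. An idle session is terminated
  // (revoked) on the spot; a stale auth_time only blocks the sensitive call.
  check(claims, now, { sensitive = false } = {}) {
    if (claims.exp <= now) return { ok: false, reason: 'expired' };
    if (this.revocations.isRevoked(claims.jti, now)) return { ok: false, reason: 'revoked' };
    const last = this.lastSeen.get(claims.jti) ?? claims.iat;
    if (now - last > IDLE_TIMEOUT_S) {
      this.terminate(claims, now);
      return { ok: false, reason: 'idle timeout' };
    }
    if (sensitive && now - claims.auth_time > STEP_UP_MAX_AGE_S) {
      return { ok: false, reason: 'reauthentication required' };
    }
    this.lastSeen.set(claims.jti, now);
    return { ok: true };
  }

  // Explicit logout, admin-forced termination, or idle timeout all end up here.
  terminate(claims, now) {
    this.revocations.revoke(claims, now);
    this.lastSeen.delete(claims.jti);
  }
}

module.exports = { RevocationList, SessionTracker, IDLE_TIMEOUT_S, STEP_UP_MAX_AGE_S };
```

The design point to check in any JWT-with-blacklist scheme is the TTL on the blacklist entry: set it to the token's remaining lifetime rather than a fixed value, so entries neither expire too early (letting a revoked token back in) nor pile up forever.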

Infrastructure

VPC isolation for all services. SSO via Clerk, which holds a SOC 2 Type II report. No PHI reaches error tracking: Sentry data masking is enforced across all environments.

HIPAA compliance program

Not just encryption. A complete compliance program with documentation, policies, and vendor management.

  • Business Associate Agreements (BAAs) with AWS and Clerk
  • Disaster recovery plan with documented RPO and RTO targets
  • Incident response plan with defined escalation procedures
  • Written security policies covering access control, encryption, and breach notification
  • Annual risk assessments and remediation tracking

Trust but verify

We publish our Privacy Policy and Terms of Service so you can review exactly how we handle data, what we collect, and what we don't. No surprises.

Need a BAA, security questionnaire, or SOC 2 documentation? We're happy to provide them during onboarding.

See the security architecture firsthand.

We'll walk you through encryption, audit logs, our BAA process, and any compliance documentation you need. All in 15 minutes.

Book Your 15-Min Demo

No long-term contract. Cancel anytime.