Security & Compliance
Protecting sensitive care data is our highest priority. We implement enterprise-grade security to keep your information safe.
Pursuing SOC 2 Type I Certification
Our security controls are aligned with the AICPA Trust Services Criteria.
How We Protect Your Data
PHI Field-Level Encryption
All protected health information is encrypted at rest using AES-256-CBC. Phone numbers, addresses, dates of birth, and other sensitive fields are never stored in plain text.
Comprehensive Audit Logging
Every access to sensitive data is logged with timestamps, user identification, and action details. Full audit trails enable compliance reporting and security monitoring.
Multi-Tenant Data Isolation
Each organization's data is completely isolated in separate databases. There is no possibility of data leakage between organizations.
Role-Based Access Control
Granular permission levels ensure users only access data relevant to their role. Admins can customize access for case managers, agency admins, and staff.
Security Headers & Rate Limiting
Industry-standard security headers (HSTS, CSP, X-Frame-Options) protect against common web vulnerabilities. Rate limiting prevents abuse and brute-force attacks.
HIPAA-Aligned Practices
Our security practices align with HIPAA requirements for protected health information. We implement administrative, physical, and technical safeguards.
Compliance Status
Our Security Commitments
Security Questions?
If you have questions about our security practices or need to report a vulnerability, please contact us.