Your Patients' Data Is Protected
We're built exclusively for HIPAA-covered providers. Every message, note, and file is protected with bank-grade security and complete traceability.
Your Data Belongs to You. Always.
We operate on a strict data-sovereignty model. You are the custodian; we are simply the vault.
You own everything
All patient data is yours. You can export your entire database or permanently delete records at any time without friction.
We never sell or share data
We do not sell data to third parties. Not for advertising, not for research, not ever. Your business model is our only business model.
No AI training on your data
We never use your patient data to train AI models. Period.
No cross-tenant access
Row-level security policies ensure strict isolation. One practice can never technically access another practice's data.
Bank-Grade Security, Built In
End-to-end encryption
All data is encrypted in transit via TLS 1.3 and at rest using AES-256. Not even database administrators can see raw PHI in normal operation.
Principle of least privilege
Role-Based Access Control (RBAC) allows you to define granular permissions. Team members see only what they need.
Automatic session timeout
Inactive sessions automatically lock after 15 minutes to prevent unauthorized access on shared devices.
Your Account Is Protected 24/7
We monitor for suspicious activity and give you full control over your sessions.
- Anomaly detection: We alert you instantly on suspicious logins (new device, unusual location, or brute-force attempts).
- Recent login insights: View a full history of login activity, including time, location, device, and IP address.
- Active session management: See all current sessions across devices and revoke any suspicious one with one click.
- Automatic session timeout: Inactive sessions log out after 15 minutes automatically.
| Device | Location | Action |
|---|---|---|
| MacBook Pro (Current Session) | San Francisco, CA (192.168.1.42) | Active |
| iPhone 14 (Active 2h ago) | San Francisco, CA (10.0.0.12) | |
Designed to Support Your HIPAA Compliance
We implement technical safeguards to support your HIPAA compliance, while you manage administrative and physical controls. Our platform is auditable by design.
- Business Associate Agreement (BAA): We sign a BAA with every practice.
- Full Audit Trail: Every view, edit, print, and export is permanently logged with the user ID, timestamp, and IP address.
- Immutable Consent Records: BAA and Terms of Service acceptances are cryptographically logged and cannot be altered retrospectively.
Secure Infrastructure
All third-party services handling data are covered by BAAs. OpenAI has a zero data retention agreement. Your data is never used for training.
Your Data Is Safe, Even If Something Goes Wrong
Daily Encrypted Backups
Automated, redundant backups with point-in-time recovery ensure you never lose work due to a system failure.
Disaster Recovery Tested
We regularly test our disaster recovery procedures to help ensure data availability even in catastrophic scenarios.
Export Anytime
Export or delete patient records anytime. No questions asked.
We Take Security Seriously So You Can Focus on Care
Risk Assessments
We conduct annual security reviews and penetration testing to stay ahead of threats.
Support & Troubleshooting
We only access your account when you request help. Any data viewed is limited to anonymized logs needed to resolve the issue.
Open Comms
Security incidents are disclosed promptly and transparently per our breach policy.
Ready to secure your practice?
Join providers who trust us with their clinical data. Start with a 14-day free trial.