Your data security is our top priority. Here is how we protect it at every level.
All data is encrypted at rest using AES-256, the same standard used by banks and government agencies. All data in transit is protected by TLS 1.3. Sensitive secrets are encrypted with an authenticated cipher (AES-256-GCM), which provides both confidentiality and integrity.
Multi-factor authentication (TOTP) is available for all accounts. We use RS256 JWT tokens for secure session management backed by Redis. Tiered account lockout policies protect against brute-force attacks. Strong password policies enforce minimum complexity requirements.
PostgreSQL Row-Level Security (RLS) ensures complete tenant data isolation at the database level. Every query is automatically scoped to the current tenant, making cross-tenant data leaks architecturally impossible. This is enforced by the database engine itself, not application code.
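As an added illustration of the tenant scoping described above (not the product's own schema), the following PostgreSQL statements show how a row-level policy ties every read and write to the tenant set for the current transaction. The table, role and tenant ids are hypothetical, and the application is assumed to connect as a non-owner, non-superuser role.

```sql
-- Added example: tenant isolation with PostgreSQL RLS.
-- Table, role and tenant ids are hypothetical placeholders.
CREATE TABLE invoices (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    amount    numeric(12,2) NOT NULL
);

-- The application role owns nothing and has no BYPASSRLS.
CREATE ROLE app_user LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
GRANT USAGE, SELECT ON SEQUENCE invoices_id_seq TO app_user;

-- Enable RLS and FORCE it so the table owner is subject to the policy too.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- One policy for reads (USING) and writes (WITH CHECK): a row is visible or
-- writable only when its tenant_id equals the transaction's tenant setting.
-- With missing_ok = true an unset setting yields NULL, so the comparison is
-- false and no rows match; a stale empty string fails the uuid cast and
-- raises an error. Either way a request that forgot to set the tenant fails closed.
CREATE POLICY tenant_isolation ON invoices
    USING      (tenant_id = current_setting('app.current_tenant', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.current_tenant', true)::uuid);

-- From here on, run as the application role.
SET ROLE app_user;

-- Per request: SET LOCAL scopes the tenant to this transaction, so the value
-- is discarded at COMMIT/ROLLBACK and cannot leak through a pooled connection.
BEGIN;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';
INSERT INTO invoices (tenant_id, amount)
    VALUES ('11111111-1111-1111-1111-111111111111', 100.00);  -- allowed
SELECT count(*) FROM invoices;                                -- tenant A rows only
COMMIT;

BEGIN;
SET LOCAL app.current_tenant = '22222222-2222-2222-2222-222222222222';
SELECT count(*) FROM invoices;                                -- 0: tenant A rows are invisible
INSERT INTO invoices (tenant_id, amount)
    VALUES ('11111111-1111-1111-1111-111111111111', 5.00);    -- rejected by WITH CHECK
ROLLBACK;
```

Superusers and roles with BYPASSRLS skip policies entirely, so the role the application connects with must be neither, and any maintenance jobs that run with elevated rights need to be reviewed separately.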
Databases are backed up automatically every day, with point-in-time recovery capability. All backup data is encrypted and stored in geographically separate locations. Regular restoration tests confirm that backups can be recovered. Retention policies ensure backups are available when needed.
Services are deployed on hardened Linux servers behind the Cloudflare Web Application Firewall (WAF). Docker containerization provides process isolation between services. Regular security updates and patch management keep systems current. Network segmentation limits the blast radius of potential incidents.
HIPAA-ready architecture for healthcare products including ChiroBill. SOC 2 Type II certification is on our roadmap. Comprehensive audit logging captures all data access and modifications. Our architecture is designed to meet the compliance needs of regulated industries.
Every significant action is logged with actor identity, timestamp, affected entity, and metadata. Immutable journal entries ensure financial data integrity. Audit logs cannot be modified or deleted, providing a reliable record for compliance and forensic purposes.
Role-based access control (RBAC) with multiple built-in roles: owner, admin, manager, and user. Granular entitlement system allows fine-tuned permission management. API key authentication supports scoped permissions for integrations and automations.
AES-256 Encryption: at rest and in transit
RLS Data Isolation: database-level tenant isolation
HIPAA-Ready Compliance: SOC 2 on the roadmap
If you discover a security vulnerability in any of our products, please contact us responsibly. We take all reports seriously and will respond within 24 hours.