Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
Access Controls
Role-based access ensures users only see data relevant to their responsibilities.
Secure Backups
Automated encrypted backups ensure your data is never lost and can be recovered.
Audit Logging
Comprehensive logging of all system access and changes for compliance and security.
Infrastructure Security
Cloud Hosting
Our platform is hosted on enterprise-grade cloud infrastructure with multiple layers of physical and network security, including biometric access controls and 24/7 monitoring.
Network Security
- Web Application Firewall (WAF) protection against common attacks
- DDoS mitigation and traffic filtering
- Intrusion detection and prevention systems
- Regular vulnerability scanning and penetration testing
Server Security
- Hardened server configurations following CIS benchmarks
- Automatic security patches and updates
- Segregated environments for development, staging, and production
- Regular security audits and assessments
Application Security
Secure Development
Our development team follows secure coding practices including code reviews, static analysis, and security testing throughout the development lifecycle.
Authentication
- Strong password requirements, with passwords hashed using bcrypt
- Session management with secure, HTTP-only cookies
- Protection against brute-force attacks
- Secure password reset mechanisms
Data Protection
- Input validation and output encoding to prevent injection attacks
- CSRF protection on all forms
- XSS prevention through content security policies
- SQL injection prevention through parameterized queries
Compliance & Standards
We maintain security practices aligned with healthcare industry standards and regulations.
Business Associate Agreement
We provide Business Associate Agreements (BAAs) for organizations that require them. Contact us for more information about our BAA process.
Data Retention
Training completion records are retained in accordance with HIPAA requirements (minimum 6 years). Organizations can export their data at any time and request deletion when appropriate.
Organizational Security
Employee Training
All team members undergo security awareness training and understand their responsibilities in protecting customer data.
Access Management
- Principle of least privilege for all system access
- Regular access reviews and prompt deprovisioning
- Background checks for employees with data access
- Multi-factor authentication for administrative access
Incident Response
We maintain an incident response plan that includes procedures for detection, containment, investigation, and notification in the event of a security incident.
Report a Security Issue
If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our platform secure.