Security built for healthcare
Enterprise-grade security isn't an add-on — it's how we built the product from day one.
SSO/SAML Authentication
Integrate with your hospital's identity provider. SAML 2.0 support included on every plan — no add-on fee.
Encryption Everywhere
Data encrypted at rest (AES-256) and in transit (TLS 1.3). Database-level encryption via Supabase managed Postgres.
Row-Level Security
Every database table enforces row-level security policies. Your data is isolated — even at the query level.
Role-Based Access Control
Four roles — Admin, Activity Manager, Faculty, Learner — with granular permissions. Users only see what they need.
Audit Logging
Every significant action is logged with timestamp, actor, and details. Full audit trail for compliance reviews.
SOC 2-Aligned Infrastructure
Built on SOC 2 Type II certified vendors (Supabase, Railway, GitHub). Our own SOC 2 Type I audit is in progress.
Vendor compliance
Every vendor in our stack holds SOC 2 Type II certification or equivalent.
| Vendor | Certifications |
|---|---|
| Supabase (Database & Auth) | SOC 2 Type II, HIPAA eligible |
| Railway (Compute) | SOC 2 Type II |
| GitHub (Source Code) | SOC 2 Type II, ISO 27001 |
| Resend (Email) | SOC 2 Type II |
| Sentry (Error Monitoring) | SOC 2 Type II |
Questions about security?
We're happy to share our security documentation and answer IT team questions.
Contact us