Security · HIPAA
Security built for dental practices.
Every message, every attachment, every AI prompt — encrypted end-to-end, audited live, and stored on infrastructure that signs a BAA without flinching.
Encryption everywhere
- AES-256 encryption at rest for every patient record, message, and media file
- TLS 1.3 for every transit hop — your inbox to our edge, our edge to the carrier
- Signed URLs for MMS attachments · 24-hour TTL · zero public exposure
HIPAA compliance, audited
BAA on file from day one. Access logging on by default with 90-day retention. PHI auto-redaction before any AI prompt — no patient identifiers ever leave our infrastructure.
We host on HIPAA-eligible cloud infrastructure with media on Denta Storage (signed-URL, audit-logged). Every action — login, message, AI reply, contact edit — is logged with user, timestamp, and source IP.
Independent posture
- SOC 2 Type II — in progress, completion Q3
- Annual penetration testing by a third-party firm
- Quarterly internal access reviews · role-based permissions
- Customer-controlled data export and deletion · 30-day SLA