HIPAA-Ready Architecture.

We built RetainOS with HIPAA requirements baked in from day one. While we're not a Covered Entity (that's you, the clinic), our platform is designed to support your HIPAA compliance program.

Encryption at Rest & In Transit

All PHI is encrypted with AES-256 at rest (Supabase PostgreSQL RDS) and with TLS 1.3 in transit. Backups are encrypted as well.

Access Controls

Role-based access (admin, clinician, patient). Unique user IDs, automatic session timeout, and audit logs for every PHI access event.

BAAs Signed

We execute Business Associate Agreements with every clinic. Our subprocessors (Supabase, Cloudflare) also sign BAAs and maintain SOC 2 Type II reports.

Audit Logs

Every access to patient data is logged with timestamp, user ID, action type, and IP address. Logs are immutable and retained for 6 years.
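The two controls above (role-based access and an append-only audit log with timestamp, user ID, action and IP) can be enforced inside PostgreSQL itself rather than only in application code. The schema below is an added illustration written for this page, not RetainOS's own schema. It assumes a Supabase-style database where auth.uid() returns the authenticated user's UUID, and it invents an app_user table (mapping users to the three roles) and a patient_record table to have something to protect.

```sql
-- Added example, not RetainOS's schema. Assumes Supabase's auth.uid()
-- helper; app_user and patient_record are hypothetical tables.

create table app_user (
  id   uuid primary key,                 -- same value as auth.uid()
  role text not null check (role in ('admin', 'clinician', 'patient'))
);

create table patient_record (
  id           bigserial primary key,
  patient_id   uuid not null references app_user(id),
  clinician_id uuid not null references app_user(id),
  note         text
);

-- Role of the calling user. SECURITY DEFINER so the lookup is not itself
-- subject to RLS; search_path pinned so the function cannot be hijacked.
create function app_role() returns text
language sql stable security definer set search_path = public as $$
  select role from app_user where id = auth.uid()
$$;

-- Role-based access: every row of patient_record is filtered by policy.
alter table patient_record enable row level security;

create policy admin_all on patient_record
  for all using (app_role() = 'admin');

create policy clinician_own_patients on patient_record
  for all using (app_role() = 'clinician' and clinician_id = auth.uid());

create policy patient_self on patient_record
  for select using (app_role() = 'patient' and patient_id = auth.uid());

-- Audit log: one row per PHI access event.
create table phi_audit_log (
  id          bigserial primary key,
  occurred_at timestamptz not null default now(),
  user_id     uuid not null,
  action      text not null check (action in ('SELECT', 'INSERT', 'UPDATE', 'DELETE')),
  record_id   bigint not null,
  client_ip   inet                       -- inet_client_addr(); behind a
);                                       -- connection pooler this is the pooler

-- Immutability: any UPDATE or DELETE on the log is rejected outright.
create function reject_log_mutation() returns trigger
language plpgsql as $$
begin
  raise exception 'phi_audit_log is append-only';
end
$$;

create trigger phi_audit_log_immutable
  before update or delete on phi_audit_log
  for each row execute function reject_log_mutation();

-- Writes to patient_record are logged automatically by trigger.
create function audit_patient_record() returns trigger
language plpgsql security definer set search_path = public as $$
begin
  insert into phi_audit_log (user_id, action, record_id, client_ip)
  values (auth.uid(), TG_OP,
          case TG_OP when 'DELETE' then old.id else new.id end,
          inet_client_addr());
  return null;                           -- AFTER trigger: return value ignored
end
$$;

create trigger patient_record_audit
  after insert or update or delete on patient_record
  for each row execute function audit_patient_record();

-- Row triggers cannot fire on SELECT, so reads are logged explicitly:
-- the application calls log_phi_read(id) before returning a record.
create function log_phi_read(p_record_id bigint) returns void
language sql security definer set search_path = public as $$
  insert into phi_audit_log (user_id, action, record_id, client_ip)
  values (auth.uid(), 'SELECT', p_record_id, inet_client_addr())
$$;

-- Only the trigger and log_phi_read() may append; nobody may rewrite history.
revoke update, delete on phi_audit_log from public;
```

Two caveats a reviewer would check: the trigger records the database-level caller, so if the application connects with a shared service role, auth.uid() is null and the real user must be passed in explicitly; and the trigger-based immutability binds ordinary roles only, so the 6-year retention claim still depends on superuser access to the log table being restricted and on the encrypted backups mentioned above.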

Need a BAA?

We provide Business Associate Agreements as part of the onboarding process. Sign up and we'll send one over within 24 hours.
