Security is table stakes.

We treat security as a first-class feature — not an afterthought. Every layer of RetainOS is designed to protect patient data and clinic operations.

Infrastructure

Cloudflare Edge

DDoS protection, WAF, SSL/TLS termination. All traffic routes through Cloudflare's global network before reaching our origin.

Supabase (RDS)

PostgreSQL database with automated backups, point-in-time recovery, and encryption at rest. Hosted on AWS us-east-1.

Zero Trust Network

All internal services communicate over mTLS. No open ports. Database accessible only via private networking.

Application Security

Authentication

Supabase Auth with Row Level Security. All database queries are scoped to the authenticated user's role and clinic. No direct database access from the client.
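The clinic- and role-scoped Row Level Security described above can be expressed as PostgreSQL policies of the kind Supabase evaluates on every query. The block below is an added illustration, not RetainOS code: the `patients` and `profiles` tables, the `staff`/`admin` roles and the helper function names are assumptions, while `auth.uid()` is Supabase's standard helper returning the authenticated user's id.

```sql
-- Added illustration (not RetainOS code). Table, column, role and helper
-- names are assumptions; auth.uid() is Supabase's current-user helper.

-- Each clinic's patient records, tagged with the owning clinic.
create table patients (
  id         uuid primary key default gen_random_uuid(),
  clinic_id  uuid not null,
  full_name  text not null
);

-- One row per authenticated user: which clinic they belong to and their role.
create table profiles (
  user_id    uuid primary key,          -- matches auth.users.id
  clinic_id  uuid not null,
  role       text not null check (role in ('staff', 'admin'))
);

-- RLS must be enabled explicitly; without this, policies are never consulted.
alter table patients enable row level security;
alter table profiles enable row level security;

-- Helpers derive the caller's clinic and role from their profile row.
-- security definer lets them read profiles regardless of the caller's own
-- policies; search_path is pinned so the lookup cannot be redirected.
create or replace function current_clinic_id() returns uuid
language sql stable security definer set search_path = public as $$
  select clinic_id from profiles where user_id = auth.uid()
$$;

create or replace function current_role_name() returns text
language sql stable security definer set search_path = public as $$
  select role from profiles where user_id = auth.uid()
$$;

-- Any authenticated user (staff or admin) may read patients only in their
-- own clinic. Rows from other clinics are invisible, not merely rejected.
create policy patients_select_own_clinic on patients
  for select to authenticated
  using (clinic_id = current_clinic_id());

-- Writes are limited to admins, and still only within their own clinic.
-- USING gates update/delete of existing rows; WITH CHECK gates the new row
-- values on insert/update, so an admin cannot move a record to another clinic.
create policy patients_write_admin_only on patients
  for all to authenticated
  using (clinic_id = current_clinic_id() and current_role_name() = 'admin')
  with check (clinic_id = current_clinic_id() and current_role_name() = 'admin');

-- Users may read their own profile (e.g. so the client can show their role).
create policy profiles_select_self on profiles
  for select to authenticated
  using (user_id = auth.uid());
```

Two checks a reviewer would run against a setup like this: confirm RLS is enabled on every table reachable through the API (a table with policies but RLS disabled is fully readable), and confirm the service-role key, which bypasses RLS, is used only in server-side code such as the Pages Functions mentioned below and never shipped to the browser.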

API Security

Cloudflare Pages Functions handle all server-side logic for sensitive operations (auth, payments). Rate limiting, CORS, and CSRF protection enabled.

Dependency Scanning

Automated npm audit and Dependabot alerts run on every commit. Critical vulnerabilities are patched within 24 hours.

Penetration Testing

We conduct quarterly third-party penetration tests. Full reports are available to enterprise customers under NDA.

Report a vulnerability

We maintain a bug bounty program for responsible disclosure.

security@retaindental.com