We treat security as a first-class feature, not an afterthought. Every layer of RetainOS is designed to protect patient data and clinic operations.
DDoS protection, WAF, SSL/TLS termination. All traffic routes through Cloudflare's global network before reaching our origin.
PostgreSQL database with automated backups, point-in-time recovery, and encryption at rest. Hosted on AWS us-east-1.
All internal services communicate over mTLS. No open ports. Database accessible only via private networking.
Supabase Auth with Row Level Security. All database queries are scoped to the authenticated user's role and clinic. No direct database access from the client.
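To make the scoping described above concrete, here is an added example of how a Supabase-style Row Level Security setup restricts every query to the caller's own clinic and role. It is illustrative code written for this page, not RetainOS's own schema or policies: the `profiles` and `patients` tables and the `current_clinic_id()` helper are assumptions, while `auth.uid()` is Supabase's built-in function that returns the authenticated user's id from the request JWT.

```sql
-- Added example (not RetainOS's schema). Assumed tables:
--   public.profiles(id -> auth.users.id, clinic_id, role)
--   public.patients(id, clinic_id, full_name)
-- auth.uid() is Supabase's helper that reads the caller's user id from the JWT.

create table if not exists public.profiles (
  id        uuid primary key references auth.users (id),
  clinic_id uuid not null,
  role      text not null check (role in ('staff', 'clinic_admin'))
);

create table if not exists public.patients (
  id        uuid primary key default gen_random_uuid(),
  clinic_id uuid not null,
  full_name text not null
);

-- Deny by default: once RLS is enabled, a role with no matching policy sees no rows.
alter table public.patients enable row level security;
-- Apply RLS to the table owner as well (superusers still bypass it).
alter table public.patients force row level security;

-- Resolve the caller's clinic once. SECURITY DEFINER lets it read profiles even if
-- profiles is itself locked down; STABLE lets the planner evaluate it once per query.
create or replace function public.current_clinic_id()
returns uuid
language sql
stable
security definer
set search_path = public
as $$
  select clinic_id from public.profiles where id = auth.uid()
$$;

-- Any authenticated user (staff or clinic_admin) may read only their own clinic's rows.
create policy patients_select_own_clinic
  on public.patients
  for select
  to authenticated
  using (clinic_id = public.current_clinic_id());

-- Only clinic_admin may insert, and only into their own clinic.
create policy patients_insert_admin_only
  on public.patients
  for insert
  to authenticated
  with check (
    clinic_id = public.current_clinic_id()
    and exists (
      select 1 from public.profiles
      where id = auth.uid() and role = 'clinic_admin'
    )
  );

-- Verification from psql, impersonating a user via Supabase's request.jwt.claims setting:
--   set role authenticated;
--   select set_config('request.jwt.claims', '{"sub":"<user-uuid>"}', true);
--   select count(*) from public.patients;   -- returns only rows for that user's clinic
--   insert into public.patients (clinic_id, full_name) values ('<other-clinic-uuid>', 'x');
--   -- fails the WITH CHECK clause for any user, regardless of role
```

Two practical notes on this pattern: policies are evaluated per statement, so the `current_clinic_id()` lookup keeps the clinic resolution in one audited place rather than repeating a subquery in every policy; and RLS only protects paths that run as the `authenticated` role, so any server-side code holding Supabase's `service_role` key bypasses these policies and must never be reachable from the client.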
Cloudflare Pages Functions handle all server-side logic for sensitive operations (auth, payments). Rate limiting, CORS, and CSRF protection enabled.
Automated npm audit and Dependabot alerts run on every commit. Critical vulnerabilities are patched within 24 hours.
We conduct quarterly third-party penetration tests. Full reports are available to enterprise customers under NDA.
We maintain a bug bounty program for responsible disclosure.
security@retaindental.com