Trust
Healthcare-grade safeguards on every byte of your data.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database backups are encrypted and stored in geographically separated regions.
Production access requires SSO, hardware-key MFA, and least-privilege role assignment. PHI access is logged and reviewed. Engineers do not access patient data unless required for clinical support, and every access is auditable.
Subprocessors handling PHI sign Business Associate Agreements (BAAs). We review SOC 2 reports for every vendor in our PHI path annually.
We run automated dependency scanning, static analysis, and continuous infrastructure monitoring. Critical CVEs are patched within 7 days; high within 30. We engage third-party penetration testers annually.
We maintain a documented incident response plan with on-call rotation, defined severity levels, and customer notification timelines that meet HIPAA Breach Notification Rule requirements.
If you've found a security issue, please email security@kindr.health. We acknowledge reports within 2 business days. Please do not access patient data, perform DoS testing, or social-engineer staff.
You can request access to, correction of, or a copy of your medical record at any time — see our Privacy Policy and HIPAA Notice.