Trust & security.

Every byte of PHI is encrypted at rest and in transit.

• TLS 1.2+ enforced on every endpoint (HSTS preloaded)
• AES-256 encryption at rest across Postgres, Storage, and backups
• No PHI transmitted over unencrypted channels
• Per-tenant keys for file uploads in the proof-of-delivery bucket

Role-based access with row-level isolation per tenant.

• Postgres Row-Level Security (RLS) on every tenant-scoped table
• Role-based access: Admin, Dispatcher, Viewer, Pharmacy Staff
• Drivers never see medication names or clinical data
• Short-lived session tokens; mandatory reauth on privileged actions
• Per-device login tracking with remote revoke

Every delivery event is recorded and queryable.

• Immutable delivery_events log on every state transition
• Who, what, when, from where — including driver GPS context
• Exports available to Covered Entity on demand
• 7-year retention aligned with pharmacy recordkeeping

We only collect what a delivery requires. No more.

• No diagnosis data, no lab results, no clinical history
• Driver app shows first name, address, instructions, window — that's it
• Medication-level data restricted to pharmacy roles
• Patient phone numbers never shared with third parties for marketing

Multi-region, auto-scaled, instrumented.

• Hosted on Vercel + Supabase — SOC 2 and HIPAA-eligible infrastructure
• Automated database backups with point-in-time recovery
• Real-time alerting on error-rate and latency anomalies
• Target uptime 99.9% for production workloads

Faster notice than the HIPAA cap requires.

• Suspected Security Incidents reported within 24 hours of discovery
• Confirmed Breaches of Unsecured PHI reported within 10 calendar days
• Documented runbook for containment, eradication, and recovery
• On-call engineer + Privacy Officer rotation