Enterprise-Grade Security

Security you can trust

Built from the ground up for healthcare. Every layer of our platform is designed to protect patient data with encryption, access controls, and comprehensive audit logging.

  • Encryption: AES-256-GCM
  • Audit Event Types: 370+
  • Log Retention: 7 Years
  • OAuth Security: PKCE + JWT
iOS App
Web Platform
HIPAA Compliant
Encryption at Rest

AES-256-GCM Encryption

All sensitive data is encrypted using industry-standard AES-256 in Galois/Counter Mode (GCM). OAuth tokens, client secrets, and private keys are never stored in plaintext.

Encryption Process (AES-256-GCM), shown for the input "OAuth Token":

  • Generate IV
  • Import Key
  • AES-GCM Encrypt
  • Combine Output

Parameters:

  • Key Length: 256 bits (maximum AES strength)
  • IV Length: 96 bits (12-byte random nonce)
  • Auth Tag: 128 bits (integrity verification)

Multi-Tenant Isolation

Row-Level Security

PostgreSQL RLS policies ensure complete data isolation between organizations: queries are automatically filtered to the current organization.

  • Database-Level: Enforced by PostgreSQL, not application code
  • 30+ Tables: RLS policies on all PHI-containing tables
  • Injection-Proof: Even SQL injection cannot escape RLS

Audit Logging

Comprehensive Activity Logging

Every PHI access, authentication event, and AI interaction is logged with full attribution. 370+ event types are captured and retained for 7 years.

370+ action types, 7-year retention, IP + User Agent logged.

Event categories:

  • PHI Access (50+): VIEW_PATIENT, VIEW_MEDICATION
  • Authentication (20+): LOGIN, SESSION_CREATE
  • AI Operations (30+): AI_QUERY, AI_RESPONSE
  • Clinical (100+): FHIR_QUERY, SCRIBE_SESSION

OAuth Security

SMART on FHIR with PKCE

Industry-standard OAuth 2.0 flow with PKCE protection and JWT client assertions. An intercepted authorization code cannot be redeemed without the PKCE code verifier, and tokens are encrypted at rest.

OAuth 2.0 + PKCE Flow, in order:

  • Generate PKCE Parameters
  • Authorization Request
  • User Consent
  • Authorization Code
  • Token Exchange
  • Secure Storage

Controls:

  • PKCE S256: SHA-256 code challenge
  • JWT Assertion: RS384 / ES384 signing
  • 5-min Expiry: Short-lived JWT tokens
  • Encrypted Storage: AES-256-GCM at rest

iOS Security

Mobile Security Stack

Four layers of security protect patient data on iOS devices, from hardware-backed encryption to intelligent token management.

Hardware Security

  • Hardware-backed key storage via Secure Enclave
  • Tamper-resistant secure element
  • Cryptographic keys never leave the hardware
  • Protected even if iOS is compromised

Security Layer Stack (top to bottom):

  • Token Management
  • Biometric Authentication
  • Keychain Storage
  • Hardware Security

Each layer builds on the security below it

Compliance Overview

HIPAA & Security Standards

Every security control is verified and documented, with technical implementation details and compliance standard references.

  • Security Controls: 15
  • Implemented: 15
  • Categories: 5
  • Standards Referenced: 8

HIPAA Compliant
SOC 2
FHIR R4