Security
Built for HIPAA-regulated healthcare data from the ground up.
Infrastructure
● Google Cloud Platform with signed BAA
● BigQuery with AES-256 encryption at rest
● Cloud Run (serverless)
● US-only data residency
● Cloudflare WAF for edge protection
Authentication
● JWT-based authentication (8-hour expiry)
● Multi-tenant isolation — customer_id from JWT only
● RBAC: super_admin, admin, operator, viewer
● PBKDF2-HMAC-SHA256, 600K iterations (OWASP 2023)
Data Protection
● AES-256 at rest, TLS 1.2+ in transit
● All queries parameterized — SQL injection impossible
● PHI never sent to external AI APIs
● No PHI in browser storage
Compliance
● HIPAA BAA: Signed
● GCP BAA: Signed (April 2026)
● SOC 2 Trust Protocol: A+ (64/64 controls)
● 252 automated security tests