Security & Compliance

Protecting your health data with enterprise-grade security. We take the privacy and security of your medication and health information seriously.

Compliance Roadmap

SOC 2 Type II

In Progress

Partnered with Vanta

SOC 2 Type II certification demonstrates that AdherePod has established and follows strict information security policies. We are actively working through the Vanta compliance automation platform to achieve this certification.

Expected 2026

HIPAA

In Progress

Partnered with Vanta

HIPAA compliance ensures we meet the strict requirements for protecting electronic Protected Health Information (ePHI). As a healthcare platform handling medication data and voice conversations, HIPAA compliance is a top priority.

Expected 2026

What We Have Today

Our current security measures protect your data at every layer of the application.

Encryption at Rest

All data encrypted with AES-256 via Neon PostgreSQL on AWS with KMS key management.

Encryption in Transit

TLS 1.2/1.3 encryption on all connections. All API endpoints served over HTTPS.

Password Security

Passwords hashed with bcrypt. Minimum 8 characters required. Never stored in plain text.

Encrypted Sessions

JWE (JSON Web Encryption) tokens via NextAuth v5 for tamper-proof session management.

Role-Based Access Control

Admin and user roles with server-side enforcement on all API routes.

Secure Password Reset

Cryptographically random tokens generated with crypto.randomBytes, SHA-256 hashed, with a 1-hour expiry.

CSRF Protection

Built-in Cross-Site Request Forgery protection via NextAuth framework.

Audit Logging

Email delivery tracking with SendGrid webhooks. Voice conversation logging with full transcripts.

Cascade Data Deletion

When a user account is deleted, all associated data (medications, conversations, emails) is automatically removed.

Per-User Data Isolation

All API routes are scoped to the authenticated user; no cross-user data access is possible.

Infrastructure Partners

We build on trusted, compliance-ready infrastructure from industry-leading providers.

Vercel

SOC 2 Type II, ISO 27001, HIPAA-eligible

Application hosting and serverless functions

Neon

SOC 2 Type II, HIPAA-compliant, BAA available

Serverless PostgreSQL database

SendGrid / Twilio

SOC 2 Type II

Email delivery and SMS services

Vanta

Compliance automation

Continuous security monitoring and compliance management

Healthcare data security

What We're Working On

Our ongoing efforts to strengthen security and achieve full compliance.

Business Associate Agreements (BAAs) with all vendors
Formal HIPAA risk assessment
Third-party penetration testing
Multi-factor authentication (MFA)
Enhanced audit logging and monitoring
Written security policies and incident response plan

Security Questions?

For security questions or to report a vulnerability, contact us at support@adherepod.com.

Phone: 203-470-9996