PracticeCoreBook a demo
SECURITY

Your data. Your hardware. If you want it.

We treat your PHI like it's our own. And if you'd rather it never leave your building, you can self-host the whole stack.

Book a demo
practicecore.ai/login
PracticeCore AI
Sign in to your practice
Email
you@practice.com
Password
••••••••••••
Forgot password?
Continue
SSO
Hardware key
Protected by MFA · Logged for audit · Your session encrypted in transit
YOUR DATA
Stays where you want it.
HIPAA-aligned by default. AES-256 at rest, TLS 1.3 in transit. Or run the whole stack on your own hardware.
HIPAA
BAA-ready
SOC 2
Type II path
Self-host
Docker stack
Audit log
Every action
WHAT'S IN PLACE

Security primitives you can audit.

HIPAA-aligned by default

BAA-ready. Encryption at rest (AES-256) and in transit (TLS 1.3). Logged, signed, retained.

RBAC + Row-Level Security

Role-based access control on every endpoint. Database-level RLS so a misconfigured query cannot cross tenants.

Full audit trail

Every access, every change, every export — recorded with user, time, IP, and prior value. Searchable.

Per-user MFA

TOTP or hardware key. Enforced at the org level. SSO available for groups.

Encrypted backups

Point-in-time recovery. Backups encrypted at rest with customer-managed keys for self-hosted deployments.

Self-host option

Docker Compose stack runs on your hardware. The patient record never leaves the building.

DATA OWNERSHIP

Your data, your export, your rules.

Every chart, every claim, every note — yours. Export at any time in open formats. No proprietary lock-in. No "we'll get back to you in 90 days." If you decide to leave, you leave with everything.

Want the security review packet?

Architecture diagrams, SOC 2 status, BAA template, and the self-host runbook.

Request the packet