Security

Security is a prerequisite, not a feature

Every layer of the Synexar platform is built with healthcare-grade security. From encryption to access control, we protect patient data at every stage of the procedural documentation workflow.

SMART-on-FHIR integration validated in Cerner and Epic sandbox environments. Synexar operates as non-device clinical documentation software under FDA's Clinical Decision Support guidance (21st Century Cures Act).

Security Infrastructure

Six layers of protection

End-to-End Encryption

TLS 1.3 in transit, AES-256 at rest. Every byte of patient data is encrypted — in motion and at rest — with no exceptions.

Row-Level Security

PostgreSQL RLS policies enforce organization-level data isolation at the database layer. No application-level workarounds — isolation is structural.

Microsoft Entra ID

Enterprise SSO with MSAL, multi-tenant JWT validation. Your existing identity provider, zero additional credentials to manage.

Role-Based Access Control

RBAC with organization-level isolation. Physicians, billers, administrators — each role sees exactly what they need, nothing more.

Audit Logging

Every action logged with user, timestamp, IP, and change details. Complete audit trails for compliance reviews and incident response.

Azure Infrastructure

App Service, PostgreSQL Flexible Server, Key Vault, Blob Storage. Enterprise-grade cloud infrastructure with Microsoft's security guarantees.

Compliance

Standards we meet

Healthcare compliance is non-negotiable. Here's where we stand.

SOC 2: Certified
HIPAA: Certification in Progress
BAA: Available
HITRUST: Planned

Data Handling

How we handle your data

Transparency in every stage of the data lifecycle — from processing to secure deletion.

Processing

All PHI processing occurs within Azure regions. No data leaves the cloud boundary. Processing is stateless — no persistent caches of unencrypted data.

Storage

PostgreSQL with RLS. Encrypted at rest. Organization-isolated. Every row belongs to a single tenant — enforced at the database level, not the application level.
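The organization-level isolation described in the Row-Level Security and Storage sections above, shown as an added PostgreSQL example (illustrative code, not Synexar's schema): the table name procedure_notes, its columns, the role synexar_app and the session setting app.org_id are assumptions. The policy restricts every read and write to the tenant set for the current transaction, and the FORCE / NOBYPASSRLS settings are the checks a reviewer wants to see so that no owner or application path bypasses the policy.

```sql
-- Added example: tenant isolation with PostgreSQL row-level security.
-- Illustrative only; table, column, role and setting names are assumed.
CREATE TABLE procedure_notes (
    id          bigserial PRIMARY KEY,
    org_id      uuid NOT NULL,
    patient_ref text NOT NULL,
    body        text NOT NULL
);

-- Enable RLS and also enforce it for the table owner, so there is no
-- privileged path that silently skips the policy.
ALTER TABLE procedure_notes ENABLE ROW LEVEL SECURITY;
ALTER TABLE procedure_notes FORCE ROW LEVEL SECURITY;

-- The application role must not carry BYPASSRLS; the policy only
-- matters if the role running the queries is subject to it.
CREATE ROLE synexar_app NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON procedure_notes TO synexar_app;

-- current_setting(..., true) returns NULL when app.org_id is unset, so a
-- request that forgot to set the tenant matches no rows instead of all.
-- USING filters reads; WITH CHECK rejects writes for another tenant.
CREATE POLICY org_isolation ON procedure_notes
    FOR ALL TO synexar_app
    USING (org_id = current_setting('app.org_id', true)::uuid)
    WITH CHECK (org_id = current_setting('app.org_id', true)::uuid);

-- Per-request usage. SET LOCAL scopes both the role and the tenant to
-- this transaction (assumes the connecting user is a member of synexar_app).
BEGIN;
SET LOCAL ROLE synexar_app;
SET LOCAL app.org_id = 'a1b2c3d4-0000-4000-8000-000000000001';  -- constructed id
SELECT id, patient_ref FROM procedure_notes;  -- returns only this org's rows
-- A write tagged with another org_id fails the WITH CHECK clause:
-- INSERT INTO procedure_notes (org_id, patient_ref, body)
--   VALUES ('a1b2c3d4-0000-4000-8000-000000000002', 'p-2', 'note');
COMMIT;
```

Verify the isolation after deployment by running the SELECT under synexar_app with app.org_id unset and with a second tenant's id; both should return zero rows for the first tenant's data.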

Transmission

TLS 1.3. No unencrypted channels. Certificate pinning. Every API call, every WebSocket connection, every file transfer — encrypted without exception.

Retention

Configurable retention policies per organization. Secure deletion with audit trail. When data is deleted, it's gone — verified and documented.

Questions about security?

Our team is ready to discuss security requirements, compliance documentation, and BAA agreements.