HIPAA Compliant · SOC 2 Type II

Enterprise-grade security built for healthcare.

Your residents’ data deserves the highest level of protection. CareBridge Connect is built on HIPAA-compliant, SOC 2 Type II certified infrastructure with end-to-end encryption.

Certifications & Standards

We meet and exceed the security standards required by healthcare organizations and regulatory bodies.

HIPAA Compliant

Full compliance with HIPAA Privacy, Security, and Breach Notification Rules. BAA available for all paid plans.

SOC 2 Type II Infrastructure

Our infrastructure providers maintain SOC 2 Type II certification with continuous monitoring and auditing.

AES-256 Encryption

All data at rest is encrypted using AES-256, the same standard used by financial institutions and government agencies.

TLS 1.3 in Transit

All data transmitted between your devices and our servers is protected with TLS 1.3, the latest transport security protocol.

Infrastructure Partners

We partner with industry-leading infrastructure providers that maintain the highest levels of security certification.

Supabase

SOC 2 Type II, HIPAA-eligible

Database and authentication infrastructure with row-level security, encrypted backups, and HIPAA-eligible configuration.

Vercel

SOC 2 Type II

Application hosting with global CDN, DDoS protection, and automatic SSL certificate management.

Resend

GDPR Compliant

Transactional email delivery for care notifications with high deliverability and data processing agreements.

Data Protection

  • PHI never leaves US infrastructure
  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.3)
  • Row-level security — each facility's data is isolated
  • 99.9% uptime SLA

Access Controls

  • Role-based access: Admin, Nurse, Primary Family, Family
  • Audit logging on all PHI access events
  • Session management with automatic timeout
  • Multi-factor authentication support

Compliance

We maintain rigorous compliance standards to ensure your facility meets all regulatory requirements.

  • HIPAA Business Associate Agreement (BAA) available for all paid plans
  • CMS data retention standards — 7-year audit log retention
  • Regular security reviews and vulnerability assessments
  • Incident response plan with 24-hour breach notification

Questions about security?

Our security team is available to discuss your compliance requirements, review our security documentation, or schedule a security assessment call.

Contact Security Team: security@carebridgeconnect.ai