Security

Security and Privacy by Design.

Tachova is built with security and privacy best practices, including role-based access controls, private document storage, encrypted connections, and activity audit logging.

Data Protection

Encryption in transit (TLS 1.2+)
Encryption at rest
Secure cloud infrastructure with isolated tenants

Access Controls

Role-based permissions
Strong user authentication
Session management with secure token rotation

Audit Logging

User login activity
Document uploads
Document downloads
Status updates
Administrative actions

Monitoring

Continuous access monitoring
Activity logging across the platform
Regular security reviews

Business Continuity

Database backups are handled through Supabase Cloud infrastructure
Additional backup and recovery controls may depend on the selected Supabase plan
Availability monitoring

Compliance Posture

Role-based access controls
Private document storage
Encrypted connections (TLS in transit, encryption at rest)
Activity audit logging
Evolving toward HIPAA-ready infrastructure

Compliance Statement

Tachova is built with security and privacy best practices, including role-based access controls, private document storage, encrypted connections, and activity audit logging. Our platform is designed to support healthcare provider operations and continues to evolve toward HIPAA-ready infrastructure.

We do not claim full HIPAA compliance. Achieving full compliance requires completed vendor agreements (including Business Associate Agreements), documented policies, risk assessments, and the full set of administrative, physical, and technical safeguards.