Security is foundational

Health data demands the highest protection. We built security into every layer, not as an afterthought.

Compliance

HIPAA

Ready

BAA available for enterprise customers.

SOC 2

In progress

Following SOC 2 security controls.

GDPR

Compliant

Data portability and deletion rights.

Security measures

Multiple layers of protection at every stage.

AES-256 encryption

All data encrypted at rest using AES-256-GCM.

TLS 1.3

End-to-end encryption for every API call.

Row-level security

Users can only access their own data.

Audit logging

Every PHI access logged with full context.

OAuth 2.0

Secure provider connections with token rotation.

Data isolation

Multi-tenant architecture with strict separation.

Responsible disclosure

Found a vulnerability? We take security seriously.

security@onewell.health

We acknowledge reports within 24 hours.

Questions about security?

Read our documentation or get in touch with our team.