Security & Compliance

Shift Warden LLC d/b/a ClinicWarden is built with security at every layer. Our platform is designed so your clinic's data stays protected while keeping compliance simple.

HIPAA-Ready Architecture

  • Client IDs used instead of patient names
  • No Protected Health Information (PHI) stored
  • Your EHR remains the system of record
  • Only compliance metadata is tracked

Encryption

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for data at rest
  • Bcrypt password hashing with salting

Access Controls

  • Role-based access (admin, supervisor, clinician)
  • Row Level Security enforced at the database
  • Session management with automatic expiry
  • API key authentication with granular permissions

Audit Logging

  • Immutable audit trail for all actions
  • Every action timestamped and attributed
  • Exportable logs for compliance verification

Infrastructure

  • Hosted on Vercel (US East)
  • Database on Supabase (AWS)
  • Daily automated backups
  • Multi-AZ redundancy

Incident Response

  • Continuous security incident monitoring
  • Breach notification procedures in place
  • Regular security assessments

Compliance Documents

Review our legal and compliance documentation for full details on how Shift Warden LLC d/b/a ClinicWarden protects your data.

Request a Business Associate Agreement

If your organization requires a BAA for HIPAA compliance, Shift Warden LLC d/b/a ClinicWarden is ready to execute one. Reach out to our legal team to get started.

Contact founder@clinicwarden.com