CareVieo

Security at CareVieo

Home-care data is some of the most sensitive in healthcare. Our platform is built so agencies can move fast without compromising patient privacy.

Encryption everywhere

TLS 1.2+ in transit. AES-256 at rest. Column-level encryption for PHI fields with managed keys.

Identity & access

Email + password with enforced MFA for PHI roles, role-based access, session timeouts, and SAML SSO on Enterprise.

Auditing

Every PHI read and write is logged with actor, timestamp, IP, and reason. Append-only audit trail retained for six years.

Infrastructure

Hosted on Cloudflare and Supabase — both operate under SOC 2 Type II programs. Tenant data is isolated with row-level security.

HIPAA-aligned

BAAs in place with every subprocessor that handles PHI. Customer BAA signed in-app during onboarding. Administrative, physical, and technical safeguards align with the HIPAA Security Rule.

Incident response

Monitoring with on-call rotation. Documented incident-response runbook. Breach notification within the timelines required by law and your BAA.

Report a vulnerability

We welcome responsible disclosure. Email security@carevieo.com with details and steps to reproduce. We respond within two business days.

Need our subprocessor list, penetration-test summary, or hosting providers' SOC 2 reports? Request our trust packet. Our own SOC 2 Type II audit is on the roadmap.