Trust
Your clients trust you with their most sensitive information. We take that seriously. Security isn't a feature — it's the foundation everything else is built on.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database-level encryption ensures that even in the event of unauthorized physical access, your data remains unreadable. Encryption keys are managed using a dedicated key management service with automatic rotation.
Role-based access controls (RBAC) ensure that practitioners, billing staff, and administrators only see what they need to. Every access to Protected Health Information is logged with a full audit trail. Multi-factor authentication is available and strongly recommended for all accounts.
Tendly is fully HIPAA-compliant. We sign a Business Associate Agreement (BAA) with every customer automatically upon account creation. Our infrastructure, processes, and staff training all meet or exceed HIPAA Security Rule requirements. We undergo regular third-party audits and risk assessments.
We maintain a documented incident response plan that includes detection, containment, eradication, recovery, and post-incident review. In the event of a breach affecting Protected Health Information, we will notify affected customers within 60 days as required by the HIPAA Breach Notification Rule.
Our platform is monitored 24/7 for anomalous activity, unauthorized access attempts, and security events. All administrative actions are logged and reviewed. We use automated intrusion detection systems and have regular penetration testing conducted by accredited third-party security firms.
We take all security reports seriously. If you believe you've found a security vulnerability in our platform, please report it responsibly. We aim to acknowledge all reports within 24 hours and will keep you updated as we investigate and resolve the issue.