
Security & HIPAA Compliance

Your patient data, protected by design

HIPAA Compliant

Covered under the HIPAA Privacy and Security Rules, backed by a signed BAA

AES-256 Encryption

AES-256 at rest, TLS in transit

SOC 2 Ready

Controls mapped to SOC 2 criteria; audit-ready infrastructure

PCI DSS

Payment card data handled by Stripe

Our Security Commitment

Security is not an afterthought at Dalphene—it's foundational. Every feature, every line of code, every infrastructure decision is made with your patient data protection in mind.

We designed Dalphene from the ground up for healthcare. Not adapted from salon software. Not a generic tool with "HIPAA mode" bolted on. Purpose-built for medical aesthetics with security woven into the architecture.

HIPAA Compliance

Business Associate Agreements (BAA)

We sign BAAs with every medical spa customer at no additional cost. Our BAA establishes clear responsibilities for PHI protection, breach notification, and compliance monitoring.

Subcontractor Compliance

Every third-party service that may access PHI (Stripe, Twilio, Google Cloud) maintains a BAA with us and holds its own compliance certifications. No exceptions.

Minimum Necessary Standard

Role-based access controls ensure staff see only the data they need for their job: the front desk sees scheduling, and only authorized clinical staff can access medical records.

Complete Audit Trails

Every access to patient data is logged with a timestamp, the authenticated user, and the action taken. Audit logs are immutable once written and retained for 6+ years for compliance and forensic purposes.

Technical Security Measures

Encryption

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all data transmission
  • Keys: HSM-backed key management; encryption keys are never stored alongside the data they protect

Access Controls

  • MFA: Multi-factor authentication supported; we recommend enabling it for every account with PHI access
  • RBAC: Role-based permission system
  • Sessions: Automatic timeout on inactivity

Threat Protection

  • WAF: Web Application Firewall protection
  • DDoS: Distributed denial-of-service mitigation
  • IDS: Intrusion detection systems

Monitoring

  • 24/7: Continuous security monitoring
  • Alerts: Real-time anomaly detection
  • Response: Documented incident response procedures, including the breach notification obligations set out in our BAA

Infrastructure Security


Google Cloud Platform

HIPAA-eligible, SOC 2 and ISO 27001 certified infrastructure. Google Cloud's certifications cover the infrastructure layer; application-level controls remain our responsibility.


US-Based Data Centers

Your data stays in the United States, with redundant copies across multiple locations


Automatic Backups

Continuous backups with point-in-time recovery, so data can be restored to a state just before an incident

What We Don't Do

Transparency means being clear about what we won't do with your data:

  • We never sell your patient data to third parties
  • We never use patient data for advertising or marketing
  • We never share identifiable data with unauthorized parties
  • We never train AI on your specific patient records

Ready to Get Started?

Request your Business Associate Agreement and get full access to our security documentation.

Request BAA

Security Questions?

We're transparent about our security practices. Ask us anything.

Email: medspa@automationcoreinc.com

Subject: Security Inquiry

We respond to security inquiries within 24 hours.