Compliance and security the best DPCs already trust

Security

Active

Encrypted at Rest

All patient data is encrypted using AES-256 when stored — the same standard used by major banks and hospitals.

Active

Encrypted in Transit

Every connection between your browser and our servers is protected with TLS 1.3 encryption. No data ever travels unprotected.

Active

Strict Access Controls

Only authorized members of your practice can access patient data. Permissions are role-based and auditable at every level.

Compliance

HIPAA

HIPAA Compliance Documentation

Request access

Policy

Access Control Policy

How we manage who can access systems and patient data, including authentication, authorization, and session management.

Asset Management Policy

How we track, classify, and protect every device and system that touches patient information.

Breach Notification Policy

Our step-by-step process for detecting, responding to, and notifying affected parties in the event of a data breach.

Business Continuity, Backup and Recovery Policy

How we keep Tabflows running and your data safe during outages, disasters, or unexpected events.

Code of Conduct

The unwavering ethical standards and professional guidelines every Tabflows team member follows.

Subprocessors

Third-party subprocessors Tabflows works with:

Google Cloud Platform

Google Cloud Platform

Comprehensive public cloud computing platform offering infrastructure, data analytics, AI, security, and developer tools.

Google Workspace

Google Workspace

Cloud-based productivity suite that enables businesses to manage their email, calendar, and documents.

GitHub

GitHub

Code hosting platform for version control and collaboration.