Security

Last updated June 29, 2026

Encryption

All traffic uses TLS 1.2 or higher. Data at rest is encrypted with AES-256 on managed cloud infrastructure.

Access control

Every clinical table is protected by row-level security scoped to the owning clinic. Staff access is bounded by role (Clinician, Clinic Admin, Super Admin) and revoked immediately on removal.
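What clinic-scoped row-level security looks like at the database layer, as an added PostgreSQL example rather than this product's own schema or policies; the table, columns, helper functions and the per-request `app.clinic_id` / `app.role` session settings are assumptions.

```sql
-- Added example (PostgreSQL); not the product's actual schema or policies.
-- Assumptions: every clinical table carries clinic_id; after authenticating
-- the user, the application binds app.clinic_id and app.role for the current
-- transaction; roles are Clinician, Clinic Admin and Super Admin.

CREATE TABLE assessments (
    id         bigserial PRIMARY KEY,
    clinic_id  uuid NOT NULL,
    patient_id uuid NOT NULL,
    body       jsonb NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- Enable RLS; FORCE applies the policies to the table owner as well.
ALTER TABLE assessments ENABLE ROW LEVEL SECURITY;
ALTER TABLE assessments FORCE ROW LEVEL SECURITY;

-- Clinic bound to the current request. missing_ok = true returns NULL when
-- the setting is absent, so a request with no clinic context matches no rows
-- instead of raising an error or, worse, matching everything.
CREATE FUNCTION request_clinic() RETURNS uuid
    LANGUAGE sql STABLE AS $$
    SELECT NULLIF(current_setting('app.clinic_id', true), '')::uuid
$$;

CREATE FUNCTION request_role() RETURNS text
    LANGUAGE sql STABLE AS $$
    SELECT current_setting('app.role', true)
$$;

-- Read: Clinicians and Clinic Admins see only their own clinic's rows;
-- Super Admin is the one role not bound to a clinic.
CREATE POLICY assessments_read ON assessments FOR SELECT
    USING (clinic_id = request_clinic()
           OR request_role() = 'Super Admin');

-- Write: same clinic scope. WITH CHECK also blocks inserting a row into,
-- or updating a row over to, a clinic the caller does not belong to.
CREATE POLICY assessments_write ON assessments FOR ALL
    USING (clinic_id = request_clinic())
    WITH CHECK (clinic_id = request_clinic()
                AND request_role() IN ('Clinician', 'Clinic Admin'));

-- Per-request binding issued by the application inside the transaction,
-- so the scope cannot leak into a pooled connection's next request:
-- BEGIN;
-- SET LOCAL app.clinic_id = '<clinic uuid>';
-- SET LOCAL app.role = 'Clinician';
-- ... queries ...
-- COMMIT;
```

Revoking a staff member's access then reduces to no longer issuing a session that binds their clinic and role, because the policies themselves deny every row when those settings are absent.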

Authentication

Email + password with leaked-password protection enabled. Minimum 8 characters on signup. Sessions are stored in browser secure storage and invalidated on sign-out across tabs.

Audit logging

Sensitive actions — assessments, plan changes, document access, member removal — are written to an immutable audit log available to Clinic Admins and exportable to CSV.

Operational practices

  • Least-privilege access for engineering staff.
  • Automated dependency and vulnerability scanning.
  • Encrypted automated backups with point-in-time recovery.
  • Incident response targets: notify affected customers within 72 hours of confirmed breach.

Reporting a vulnerability

Please email security@leanengineering.io. We acknowledge reports within 2 business days.