Security & Compliance
CCL takes security seriously. We are a HIPAA-compliant platform, and apply those same physical and policy controls to all use cases, whether or not they are healthcare-related.
End-to-End Encryption
All data in transit is strongly encrypted. All requests are sent securely using TLS protocols, AES256 encryption, and SHA2 signatures. Passwords are salted and hashed. Access tokens are 256-bit and hashed when stored in the
database.
Secure Data Infrastructure
Our cloud infrastructure is an ISO 27000/SOC 1 and SOC 2 compliant data center. Our data infrastructure is also NIST, FIPS, FISMA, and HIPAA compliant. Our servers and data stores are hosted in U.S. data centers to ensure FOIA compliance.
Organizational Security
To minimize risks of organizational access and exposure, we adhere to least privilege principles. We limit access to servers to necessary personnel via AWS private keys. Both production and development database access is restricted and monitored.