Security
Enterprise-grade security for healthcare
Dentlo is built on a security-first architecture. Every layer of our platform is designed to protect patient data and keep your practice safe.
- SOC 2: Type II Certified
- HIPAA: Fully Compliant
- 256-bit: AES Encryption
- 99.9%: Uptime SLA
Our Approach
Security built into every layer
From encryption to access control, our multi-layered security posture protects your data at every touchpoint.
Encryption Everywhere
AES-256 encryption at rest and TLS 1.3 in transit. Your data is unreadable to anyone without authorization — at every stage of its lifecycle.
SOC 2 Type II Certified
Our infrastructure and processes are independently audited annually against the AICPA Trust Services Criteria for security, availability, and confidentiality.
HIPAA Compliant
Purpose-built for healthcare. We maintain full HIPAA compliance with executed Business Associate Agreements, administrative controls, and technical safeguards.
Zero-Trust Access
Role-based access control, multi-factor authentication, and least-privilege policies ensure only authorized personnel can access sensitive systems.
Continuous Monitoring
Real-time intrusion detection, SIEM-based log analysis, and automated alerting give us visibility into every event across our infrastructure.
Penetration Testing
Independent security firms conduct penetration tests at least annually. We also run continuous vulnerability scanning and automated dependency audits.
In Depth
Security practices & infrastructure
Network Security
- Network segmentation isolates PHI from other systems
- Web Application Firewall (WAF) protects all endpoints
- DDoS mitigation with automatic traffic filtering
- Private VPC with no direct internet exposure for backend services
Business Continuity
- 99.9% uptime SLA backed by redundant infrastructure
- Automated failover across multiple availability zones
- Daily encrypted backups with point-in-time recovery
- Documented disaster recovery plan tested quarterly
Audit & Compliance
- Comprehensive audit logs retained for 6+ years
- Immutable logging prevents tampering or deletion
- Annual SOC 2 Type II and HIPAA risk assessments
- Automated compliance monitoring and drift detection
Data Handling & Storage
- Data residency: All data is stored in US-based data centers operated by leading cloud providers with SOC 2 and ISO 27001 certifications
- Encryption at rest: AES-256 encryption for all stored data, including databases, backups, and file storage
- Encryption in transit: TLS 1.3 enforced for all connections — API calls, dashboard access, and PMS integrations
- Key management: Encryption keys are managed via a dedicated KMS with automatic rotation and strict access policies
- Data isolation: Each practice’s data is logically isolated with tenant-level access controls preventing cross-account access
Employee Security
- Background checks for all employees with access to production systems
- Mandatory security awareness training at onboarding and quarterly refreshers
- Endpoint protection with EDR, full-disk encryption, and remote wipe capabilities on all devices
- Principle of least privilege enforced across all internal tools and systems
- Security incident response drills conducted semi-annually
Responsible Disclosure
We value the security research community. If you discover a vulnerability in our platform, we encourage responsible disclosure. Please report findings to security@dentlo.ai. We commit to:
- Acknowledging your report within 24 hours
- Providing regular updates on investigation and remediation
- Not pursuing legal action against good-faith security researchers
- Crediting researchers (with permission) after fixes are deployed
Questions About Security?
Our security team is happy to answer questions, provide documentation, or walk through our security posture with your IT team.