Security Readiness

Treat facility data like operational evidence.

Only the details needed for follow-up are captured. Data is stored securely, and compliance claims stay limited to what is actually configured.

Data-minimization posture

Forms request operational details needed for follow-up and avoid collecting resident-level protected health information.

Secure deployment

Production deployment uses HTTPS, managed secrets, and secure form storage.

Admin access controls

The admin dashboard supports Basic Auth through environment variables and should be connected to a full auth provider before broader internal use.

Activity visibility

Lead, contact, facility review, staffing request, notification, and activity records are stored so operators can review what happened after a form is submitted.

BAA review required

If customer data use requires a Business Associate Agreement or HIPAA workflow, that documentation should be reviewed with counsel before launch.

Infrastructure checklist

The README documents required environment variables, deployment checks, and operational steps for a self-hosted production deployment.

Security practices at a glance

Managed secrets

Admin authentication

Secure form records

Submission activity log

Notification records

No fake contact data

No resident-level PHI requested

Security headers active

Admin routes excluded from search

Legal pages ready for attorney review

Health checks active

Production HTTPS enforced

Need security or BAA review?

Use the contact form to request the exact documentation needed for your facility, legal team, or vendor review.