Our Commitment to Data Safety

NeatDOM Care Suite is built from the ground up to support strict regulatory requirements in senior healthcare (HIPAA) and child advocacy (COPPA). We recognize that care facilities place their most sensitive medical charts, schedules, and family logs in our hands, which is why we enforce security controls at every layer.

HIPAA Compliance & BAA

For organizations operating under the Health Insurance Portability and Accountability Act (HIPAA), NeatDOM complies with all administrative, physical, and technical safeguards. We sign Business Associate Agreements (BAAs) for all CareFlow Pro subscribers.

  • Data Protection: Protected Health Information (PHI) is isolated by tenant and restricted via audited role permissions.
  • Business Associate Agreement (BAA): We execute BAAs to formalize our legal responsibility in protecting your residents' health records. Request a BAA by contacting support.

Infrastructure & Hosting (SOC 2)

All databases and containerized backend APIs are hosted on Google Cloud Platform (GCP) inside highly secure, SOC 2 Type II certified datacenters. GCP manages physical perimeter security, environmental controls, and core hardware redundancy.

  • Host Security: Services are isolated inside container runtimes utilizing Google Cloud Run, automatically scaled and patched against security vulnerabilities.
  • Database Redundancy: Relational PostgreSQL databases enforce local backups and live streaming replication to prevent data loss.

End-to-End Encryption

NeatDOM Care Suite protects data both while moving across the web and while stored on our storage blocks.

  • In Transit: All data transmissions are encrypted using TLS 1.3 protocol. Unencrypted HTTP requests are automatically redirected to secure HTTPS endpoints.
  • At Rest: Databases, logs, and uploaded files are encrypted using industry-standard Advanced Encryption Standard (AES) with 256-bit keys (AES-256).

Access Control & Auditing

Our role-based access control (RBAC) ensures care team members can only view data necessary for their shift.

  • Role Permissions: System Admins/Owners control which staff members (Nurses, Caregivers, Teachers) receive access profiles. Families and Parents can only see timeline cards linked to their specific relative, with zero access to overall facility logs.
  • Automatic Session Timeout: Consistent with clinical guidelines, active sessions automatically expire and log out after 15 minutes of inactivity to prevent unauthorized access on shared terminals.
  • Immutable Audit Logging: Core actions, such as eMAR medication passes and incident logs, are timestamped and recorded immutably to provide state inspectors with reliable documentation.

Decision Support Disclaimer

Disclaimer: AI checking tools (such as medication-allergen profile matching or meal allergen alerts) are built to provide decision support. They do not constitute medical advice or licensed clinical verification. Caregivers must verify dosage and allergy profiles manually before administering medication or food.