CommunityBridge Security Overview
Starter document for prospect review. Finalize with deployment-specific details before distribution.
Important: Do not describe CommunityBridge as HIPAA compliant, fully secure, or encrypted at rest unless those items have been validated for the actual deployment environment and documented by the appropriate technical, legal, and compliance owners.
Security posture summary
CommunityBridge includes application-level capabilities relevant to privacy-conscious organizations, including role-based experiences, invite and approval-based authentication flows, administrative controls, billing and export oversight surfaces, and policy-facing materials such as privacy, support, and terms pages. Security posture still depends on the actual hosting environment, configuration, account-management practices, logging, vendor agreements, and operational safeguards in place.
Application-level evidence reflected in the workspace
- Role-based navigation for parents, ABA techs, BCBAs, office, reception, and administrative workflows
- Authentication, invite, approval-link, password-reset, and token-based access patterns in the application codebase
- Administrative surfaces for permissions, alerts, user oversight, reporting, and export-related workflows
- Public privacy, terms, support, provider-evaluation, and download pages already present on the public-facing website
- Configuration surfaces for notifications, support email, build configuration, and environment variables
Items to confirm before customer security review
| Topic | Status to confirm | Owner |
| --- | --- | --- |
| Hosting and infrastructure | Cloud/provider, region, access model, backups, hardening, disaster recovery | DevOps / Engineering |
| Encryption controls | Transport encryption, storage encryption, key management, device storage treatment | Engineering / DevOps |
| Access administration | Provisioning, role review, offboarding, scoped permissions, admin approval model | Engineering / IT |
| Logging and monitoring | Audit logs, alerting, retention, support access, incident workflows, export visibility | Engineering / Compliance |
| Vendor agreements | BAA availability and vendor/subprocessor review | Legal / Compliance |
Safe external language
- CommunityBridge supports privacy-conscious communication and coordination workflows with role-based access controls.
- Security and privacy practices can be reviewed as part of the customer evaluation process.
- Any compliance determination should reflect the exact deployment and contractual environment.