Security Overview
How we protect and handle your practice data.
HIPAA Compliant
Denta is fully HIPAA compliant. All data is encrypted, access-controlled, and handled in accordance with HIPAA requirements. Contact us at security@trydenta.com for our security documentation.
Security Measures
Encryption at Rest
All data stored in our databases and data lake is encrypted using AES-256 encryption. This includes patient information, financial data, and integration credentials.
Encryption in Transit
All data transmitted between your systems and Denta uses TLS 1.3 encryption. API calls, webhooks, and streaming connections are all secured.
Secure Credential Storage
Integration credentials (OAuth tokens, API keys) are encrypted and stored separately from application data. Tokens are automatically refreshed and never exposed in logs.
Cloud Infrastructure
Denta runs on secure cloud infrastructure with isolated environments. Our data lake is hosted on AWS S3 with encryption and access controls.
Access Controls
Role-based access control (RBAC) ensures users only see data they are authorized to view. All access is logged for audit purposes.
Data Isolation
Each company's data is logically isolated. Queries and operations are scoped to prevent cross-company data access.
Data Handling
What data do we collect?
We collect clinical data (procedures, transactions), financial data (chart of accounts, bills, deposits), and payroll data (timesheets, employee info). We do NOT collect or store protected health information (PHI) such as patient names, addresses, SSNs, or medical histories beyond procedure codes.
Where is data stored?
Data is stored in two locations: our primary database (Supabase/PostgreSQL) for real-time access, and our data lake (AWS S3) for historical analysis. Both are encrypted and access-controlled.
How long do we retain data?
We retain data for the duration of your subscription plus 30 days. Historical data for analytics is retained indefinitely while your account is active. Upon account closure, data is purged within 90 days.
Can I delete my data?
Yes. You can request complete data deletion by contacting support@trydenta.com. We will remove all your company data from our systems within 30 days of a verified request.