Security

Built for healthcare from the first line of code.

Six things your IT and compliance folks will ask about — all running in production today.

Two-factor, always

Every account needs a passkey or authenticator. No exceptions, no off switch.

Your organization only

Data is isolated per organization, enforced in code. Blocked attempts are recorded.

🧾

An audit log nobody can edit

Sign-ins, sensitive views and changes — append-only, searchable, exportable.

Backups that test themselves

Off-site within ~1 second, 30-day point-in-time restore, auto-validated daily.

Encrypted, everywhere

HTTPS-only with HSTS and DNSSEC; sensitive fields encrypted at rest.

Hardened by default

CSP, CSRF, clickjacking and SSRF protection on every request. DEA numbers stay private to each physician.

HIPAA: built to HIPAA-aligned controls. Chordae's workflows don't require patient records — and before any customer stores PHI, we put BAA-backed hosting in place. No ads. Never selling data.
Found something? Email us with “security” in the subject — we respond fast.