Security & data protection FAQ

Straight answers to how we protect your agency's data, and your clients' data too.

Is my data encrypted?

Yes, in transit and at rest. All traffic uses TLS/HTTPS, and all stored data is encrypted at rest by our cloud provider. On top of that, the most sensitive secrets (your connected email credentials and accounting tokens) are individually encrypted with AES-256-GCM before they're ever written to the database.

Where is my data stored, and on what infrastructure?

OneTerp runs entirely on Google Cloud / Firebase, under a signed Business Associate Agreement (BAA) with Google that covers the database, file storage, application hosting, and email. We do not run our own servers or store your data on uncovered third-party services.

Is OneTerp HIPAA compliant?

OneTerp is built on HIPAA-eligible infrastructure with a signed BAA from Google, and the core technical safeguards (access controls, encryption, audit logging, and automatic logoff) are in place. We are honest that HIPAA compliance is more than technology: the formal program (risk assessment, written policies, workforce training, breach plan, and a Business Associate Agreement we sign with each agency) is in progress. We don't claim to be "HIPAA compliant" until that program is complete and reviewed by counsel.

Can OneTerp sign a Business Associate Agreement (BAA) with my agency?

A customer-facing BAA is in preparation and under legal review. As a software vendor that handles protected health information on behalf of agencies, signing a BAA with each agency customer is part of our roadmap. Contact us if a BAA is a prerequisite for your agency and we'll share status.

Who can see my agency's data?

Access is strictly scoped to your agency. Our database and file-storage security rules enforce role-based, agency-isolated access. One agency can never read another's data, and interpreters only see the assignments they're given. Permissions are checked on every request and are revoked instantly when you change someone's role or remove them. Our own platform operators are walled off from your operational and patient data.

Do you sell or share my data with third parties?

No, we never sell your data. We use a small set of vendors for specific functions (payments, text messaging, optional accounting sync), and we deliberately keep protected health information out of every vendor that isn't covered by a BAA. See the questions on SMS and accounting below.

Do text messages (SMS) contain patient information?

No. SMS is structurally PHI-free by design: the messaging system uses a fixed set of allowed fields with no patient field, and automated messages can only include non-sensitive details like the interpreter or agency name, service type, time, and a link. Free-text messaging tools display a "no PHI" warning.

How is the QuickBooks / accounting sync kept safe?

Intuit doesn't offer a BAA, so OneTerp strips all protected health information before anything is synced: patient names are replaced with a job reference number, and interpreter names and memos are omitted. Only non-sensitive billing data leaves the platform, and the connection tokens are encrypted.
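The SMS and accounting answers above both rest on the same idea: outbound data is projected onto a fixed allowlist of fields, so a patient field has nowhere to go. The following is an added illustration of that pattern, not OneTerp's own code; the field names, record shape and the `JOB-` reference format are assumptions.

```javascript
// Allowlist-based PHI stripping before data leaves the platform.
// Field names, record shape and the job-reference format are assumptions
// for illustration, not the product's actual schema.

// Fields permitted in the accounting export. Everything else is dropped.
const ACCOUNTING_ALLOWED_FIELDS = [
  "jobReference", "serviceType", "serviceDate", "durationMinutes", "amountCents", "agencyName",
];

// Fields permitted in an automated SMS. There is deliberately no patient field.
const SMS_ALLOWED_FIELDS = ["interpreterName", "agencyName", "serviceType", "startTime", "link"];

// Project a record onto an allowlist: only listed keys survive. Unknown keys are
// never copied, so adding a new internal field cannot silently leak it.
function projectAllowedFields(record, allowedFields) {
  const out = {};
  for (const key of allowedFields) {
    if (record[key] !== undefined) out[key] = record[key];
  }
  return out;
}

// Accounting line item: the patient is referenced only by an opaque job number,
// and interpreter names and memos are never copied because they are not allowlisted.
function toAccountingLineItem(job) {
  const candidate = { ...job, jobReference: `JOB-${job.id}` }; // constructed format
  return projectAllowedFields(candidate, ACCOUNTING_ALLOWED_FIELDS);
}

// SMS template data: same projection, different allowlist.
function toSmsFields(job) {
  return projectAllowedFields(job, SMS_ALLOWED_FIELDS);
}

// Defensive check at the egress point: refuse any payload carrying a key
// outside its allowlist, so a regression fails loudly instead of leaking.
function assertNoDisallowedFields(payload, allowedFields) {
  const leaked = Object.keys(payload).filter((k) => !allowedFields.includes(k));
  if (leaked.length > 0) {
    throw new Error(`disallowed fields in outbound payload: ${leaked.join(", ")}`);
  }
  return true;
}

// Constructed sample job containing PHI that must not leave the platform.
const sampleJob = {
  id: 4821, patientName: "Jane Example", interpreterName: "Sam Interpreter",
  memo: "Follow-up for diabetes consult", serviceType: "Medical", serviceDate: "2024-05-02",
  startTime: "2024-05-02T09:00", link: "https://example.invalid/a/4821",
  durationMinutes: 90, amountCents: 13500, agencyName: "Example Agency",
};
```

Running `toAccountingLineItem(sampleJob)` yields only the six allowlisted keys, with `jobReference: "JOB-4821"` standing in for the patient; `toSmsFields(sampleJob)` likewise never contains `patientName` or `memo`.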

How are payments handled?

Subscription billing runs through Stripe, a PCI-compliant payment processor. OneTerp never stores your card numbers, and no patient or job data is ever sent to the billing system. It only sees account and amount information.

Do you keep an audit trail?

Yes, on two layers. The application keeps an append-only, tamper-resistant audit log of sensitive actions (patient-record changes, assignment creation, closeouts, invoice/PHI exports, bulk imports, and attachment downloads), and the underlying database keeps infrastructure-level data-access logs of every read and write.

What about backups and recovery?

The database is backed up daily with point-in-time recovery, so data can be restored after an accidental change or loss. Facility and infrastructure resilience is provided by Google Cloud under our BAA.

How are accounts and sessions protected?

Every person has a unique, individually authenticated account (no shared logins), with email/password sign-in and an email-verification gate. Idle sessions automatically log out after 15 minutes with a warning. Multi-factor authentication is on our roadmap and evaluated as part of our ongoing risk review.

Have a security or compliance question we didn't cover? Get in touch or read our Security overview.