Security
iPSM handles safety-critical compliance documentation. The infrastructure, application architecture, and data handling reflect that responsibility.
In place today
Infrastructure
- Hosted on SOC 2 Type II certified infrastructure (DigitalOcean and Supabase)
- US-based data residency
- Encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Automated backups
Application Security
- Row-level security (RLS) on every facility-scoped table. Customer data is isolated between facilities at the database level.
- Multi-tier role-based access control. Organization-level roles govern team membership. Facility-level roles (PSM coordinator, refrigeration manager, operator, consultant, read-only) control what each person can do, with per-facility permission overrides.
- Schema validation on API endpoints
- Server-side JWT validation on every protected request via Supabase Auth. No client-side session trust.
AI Security
- Human review architecture. Every AI-generated document is created in draft status and remains a draft until a qualified person reviews and approves it.
- AI-generated content is visually labeled in the UI and never presented as human-authored
- Each approval records who approved and when, and captures a signature
- No customer data is used for model training
Audit & Compliance
- Tamper-resistant audit logging on compliance-critical actions
- Timestamped records of every approval, sign-off, and modification
Data Ownership
- Your data is yours. No vendor lock-in on compliance documentation.
Committed / in progress
- In Progress: Independent third-party penetration testing. First assessment underway.
- In Progress: Append-only audit log enforcement via database triggers
- Planned: SOC 2 Type II compliance for the iPSM application, targeted Q2 2027
- Planned: Full program data export in CSV, PDF, and JSON formats
- Planned: Single sign-on (SSO) and SAML support, prioritized with enterprise onboarding
Questions about security or compliance?
We respond within one business day.