Security architecture.
We are asking to read your practice-management data. That is a serious request, so the architecture is built to make it a small one: read-only, inside your own cloud, with source you can audit.
Read-only, by construction
The connector adapters issue read operations only. There is no write, update, or delete path in the codebase that touches your practice-management system. The MIT source we deliver lets you verify that yourself — it isn't a promise, it's something you can read.
Your cloud, your keys
We deploy into your own Cloudflare account. Your data never leaves your tenancy. You revoke our access by rotating one credential, and you keep everything we've already produced. There is no copy of your data sitting on our infrastructure to worry about.
Pets aren't HIPAA
Veterinary records are not protected health information, so we are not a HIPAA Business Associate — there is no covered entity to associate with. We hold ourselves to equivalent controls anyway: encryption in transit and at rest, least-privilege access, audit logging, and no human access to your data except on a signed support request with explicit, per-request authorization.
DPA available
A data-processing agreement is available on request, before any pilot. If your counsel wants terms in writing before a credential is issued, that's the normal path, not an exception.
Source delivered
Every paying customer receives the source under an MIT license. You read it, you run it, you keep it. If we disappear, your measurement keeps working and you owe us nothing.