Security & Data Protection

Your residents' data is protected like financial records

SoberBase is built on healthcare-grade infrastructure. Every record is encrypted, every operator's data is isolated, and every access is logged.

Encrypted in Transit & at Rest
HIPAA-Aligned Practices
SOC 2 Infrastructure
99.9% Uptime
Full Data Isolation per Operator

Encryption Everywhere

Your residents' data is encrypted the same way banks protect financial records — both while it travels over the internet and while it sits in our database.

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • Secure HTTPS on all endpoints (no HTTP fallback)

Enterprise Infrastructure

SoberBase runs on Render — US-based, SOC 2 compliant cloud infrastructure — with Neon PostgreSQL, an enterprise-grade database built for reliability.

  • Hosted on SOC 2 compliant US servers
  • Neon enterprise PostgreSQL database
  • Automatic daily database backups
  • 99.9% uptime SLA on underlying infrastructure

Access Controls

Only the right people see the right data. Operators can only access their own residents and houses. Staff access is role-controlled. Every action is logged.

  • Role-based access: operator vs. staff vs. resident
  • Each operator's data is fully isolated from others
  • Admin audit trail on sensitive actions
  • Residents can only view their own records

Secure Authentication

Passwords are hashed using industry-standard bcrypt. Sessions use secure, HTTP-only cookies, which scripts running in the page cannot read, making session tokens resistant to theft through XSS.

  • bcrypt password hashing (industry standard)
  • Secure, HTTP-only session cookies
  • 30-day sliding session window
  • Automatic session invalidation on logout

Data Ownership

Your data is your data — full stop. SoberBase never claims ownership over resident records, compliance documents, or any data you create on the platform.

  • Operators retain 100% ownership of all records
  • Data export available at any time (CSV, PDF)
  • Account deletion removes all associated data
  • No lock-in — take your data whenever you need

No Third-Party Data Sharing

Resident data is never sold, shared, or used to train AI models. SoberBase does not share your records with any external parties — advertising, analytics, or otherwise.

  • No data sold to advertisers or data brokers
  • No AI training on resident records
  • No sharing with insurance or government without consent
  • Third-party integrations limited to core infrastructure

Backup & Redundancy

Your records are automatically backed up every day using Neon's enterprise point-in-time recovery — so even in a worst-case scenario, your data is never lost.

  • Automated daily backups via Neon PITR
  • Up to 7-day point-in-time recovery window
  • Multi-region redundancy on database infrastructure
  • Backup integrity verified automatically

Built with HIPAA Best Practices
Designed for the confidentiality requirements of substance use disorder records

Substance use disorder records are among the most sensitive data in healthcare — protected under both HIPAA and 42 CFR Part 2. SoberBase is built with the technical safeguards recommended by HIPAA to keep your residents' information private and protected.

Our infrastructure meets the technical safeguards outlined in the HIPAA Security Rule, including encryption standards, access controls, audit controls, and transmission security. We are designed to support operators who need to demonstrate confidentiality protections to licensing bodies like ODMHAS and ORH.

  • HIPAA-aligned technical safeguards
  • 42 CFR Part 2 confidentiality support
  • Encryption at rest & in transit
  • Access controls & audit trails
  • Data isolation per operator

Built in Ohio. Designed for ORH compliance from day one.

The Oxford Recovery House (ORH) certification framework has specific documentation requirements. SoberBase was designed with those requirements in mind — not bolted on afterward.

Audit-Ready Documentation

Drug test logs, curfew records, incident reports, and resident history all exportable as PDFs for any ORH audit.

Compliance Dashboards

Real-time compliance status across all ORH checklist items. See gaps before your auditor does.

30-Day Testing Flags

Automatic alerts when a resident is overdue for drug testing — so you never miss an ORH requirement.

What powers SoberBase

We're transparent about the technology we rely on. Every vendor is production-grade and used by healthcare and financial services companies worldwide.

Component | Provider | Certification | Status
Application Hosting | Render (US-based) | SOC 2 Type II | Active
Database | Neon PostgreSQL | SOC 2 Type II, ISO 27001 | Active
Data in Transit | TLS 1.2+ / HTTPS | Industry Standard | Enforced
Data at Rest | AES-256 Encryption | NIST Recommended | Enforced
File Storage | Cloudflare R2 (US) | SOC 2 Type II | Active
Database Backups | Neon Automated | Daily point-in-time recovery | Active
Authentication | bcrypt + JWT | OWASP Recommended | Active

Have specific security questions?

Reach out directly. We'll answer every question — no sales runaround.
