Security & Compliance

    At NarcTrack, security is not an afterthought—it's the foundation of everything we build. We understand the critical nature of medication tracking and the sensitivity of the data involved. Here is how we protect your agency's data.

    Infrastructure Security

    NarcTrack is built on Supabase, an enterprise-grade backend-as-a-service platform. Our infrastructure resides in AWS data centers that are SOC 1, SOC 2, and ISO 27001 certified. We leverage these world-class standards to ensure high availability and redundancy.

    Data Encryption

    Your data is protected at every stage. We employ AES-256 encryption for data at rest and TLS 1.2+ for data in transit. This ensures that sensitive information, including inventory logs and user actions, remains unreadable to unauthorized parties.

    Access Control

    We implement strict Role-Based Access Control (RBAC) at the database level. Our use of Row Level Security means that users can access only the data they are explicitly authorized to see. Multi-Factor Authentication (MFA) is supported and encouraged for all administrative accounts.

    HIPAA & SOC 2

    Our platform is designed to support HIPAA compliance. Supabase is SOC 2 Type 2 compliant and HIPAA compliant. We sign Business Associate Agreements (BAAs) with qualifying enterprise customers to ensure full regulatory alignment.

    Vulnerability Disclosure

    We take security reports seriously. If you believe you have found a security vulnerability in NarcTrack, please contact us immediately at [email protected]. We will investigate all reports and work with you to resolve valid issues promptly.