Security & Compliance — How HEXA PIPER Protects Your Data
Every security measure listed here is included on every plan. No enterprise gate, no add-on fees.
Hexa Piper is built with HIPAA-grade security on every plan. The platform encrypts data with AES-256, enforces two-factor authentication and role-based access, logs every action in audit trails retained for 6 years, and supports Business Associate Agreements (BAA). These controls apply to all customers — from the free plan up — so healthcare teams, agencies, and small businesses get the same protection.
Encryption
Data is encrypted with AES-256 at rest and protected by HTTPS/TLS in transit. HTTPS is enforced platform-wide — connections are automatically upgraded and HSTS is enabled. Sensitive records, uploaded files, and stored credentials in the built-in password manager are encrypted.
Two-Factor Authentication
Two-factor authentication (2FA) adds a second verification step at login. Combined with enforced password complexity and configurable session timeouts, it protects accounts even if a password is compromised.
Role-Based Access
Access is controlled per role: staff, managers, accountants, and portal users each see only what their role permits. Custom roles let you grant page-level access — so a bookkeeper sees invoices, not payroll, and a client sees their portal, not your operations.
Audit Trails
Every significant action — logins, record changes, file access — is logged with who, what, and when. Audit logs are retained for 6 years, matching HIPAA record-retention expectations and giving you a defensible accountability trail for auditors.
Business Associate Agreement (BAA) Support
Healthcare organizations that handle PHI can execute a BAA with Hexa Piper on any plan. Combined with the technical safeguards above, this supports your HIPAA compliance obligations without an enterprise contract.
Data Retention & Backups
Automated database backups run on configurable schedules with retention policies up to 6 years. Your data stays recoverable after hardware failure, accidental deletion, or ransomware — and you can restore without vendor intervention.