Security & Compliance — How HEXA PIPER Protects Your Data

Every security measure listed here is included on every plan. No enterprise gate, no add-on fees.

Hexa Piper is built with HIPAA-grade security on every plan. The platform encrypts data with AES-256, enforces two-factor authentication and role-based access, logs every action in audit trails retained for 6 years, and supports Business Associate Agreements (BAA). These controls apply to all customers — from the free plan up — so healthcare teams, agencies, and small businesses get the same protection.

Encryption

Data is encrypted with AES-256 at rest and protected by HTTPS/TLS in transit. HTTPS is enforced platform-wide — connections are automatically upgraded and HSTS is enabled. Sensitive records, uploaded files, and stored credentials in the built-in password manager are encrypted.

Two-Factor Authentication

Two-factor authentication (2FA) adds a second verification step at login. Combined with enforced password complexity and configurable session timeouts, it protects accounts even if a password is compromised.

Role-Based Access

Access is controlled per role: staff, managers, accountants, and portal users each see only what their role permits. Custom roles let you grant page-level access — so a bookkeeper sees invoices, not payroll, and a client sees their portal, not your operations.

Audit Trails

Every significant action — logins, record changes, file access — is logged with who, what, and when. Audit logs are retained for 6 years, matching HIPAA record-retention expectations and giving you a defensible accountability trail for auditors.

Business Associate Agreement (BAA) Support

Healthcare organizations that handle PHI can execute a BAA with Hexa Piper on any plan. Combined with the technical safeguards above, this supports your HIPAA compliance obligations without an enterprise contract.

Data Retention & Backups

Automated database backups run on configurable schedules with retention policies up to 6 years. Your data stays recoverable after hardware failure, accidental deletion, or ransomware — and you can restore without vendor intervention.

Want the compliance specifics? See the HIPAA compliance page, learn how healthcare teams use Hexa Piper, or read about the team behind the platform.

See Our Security in Action — Start Free Trial See Pricing Plans Explore All Features