Security & Compliance

Enterprise security. Practice simplicity.

HIPAA compliant from day one, AWS infrastructure, AES-256 encryption, automatic daily backups, and two-factor authentication — with a BAA signed for every practice.

HIPAA Compliance

HIPAA compliant. From day one.

Every Ayla account comes with a signed Business Associate Agreement. All patient data is handled in strict accordance with HIPAA requirements — access controls, audit logs, encryption, and breach notification procedures all built in.

  • Signed BAA with every practice
  • Access controls and audit logs
  • Breach notification procedures
  • Staff access logging
  • HIPAA compliant data storage
  • Annual security review

HIPAA Compliance Status

Last reviewed: April 2026 · Status: Compliant

  • Business Associate Agreement: signed
  • Access Controls: active
  • Audit Logging: active
  • Breach Notification Plan: documented
  • Data Encryption (AES-256): active
  • Security Risk Analysis: complete

BAA signed automatically for every practice

Infrastructure Overview

Amazon Web Services

  • 99.9% uptime (SLA guaranteed)
  • 3 regions (multi-region)
  • Automatic failover (zero downtime)

  • Application Layer: AWS ECS / Fargate
  • Database Layer: AWS RDS (PostgreSQL)
  • Storage Layer: AWS S3 (encrypted)
  • Security Layer: AWS WAF + CloudFront

SOC 2 compliant hosting · No local server needed

AWS Infrastructure

Built on the cloud the world trusts.

Ayla runs on Amazon Web Services — the same infrastructure trusted by Netflix, NASA, the CIA, and thousands of healthcare organizations. No local server to maintain, no IT staff needed, no server crashes on a Monday morning.

  • AWS infrastructure — enterprise grade
  • No local server required
  • 99.9% uptime SLA
  • Automatic failover
  • Multi-region redundancy
  • SOC 2 compliant hosting

Replaces: Local server infrastructure, IT maintenance costs

Encryption & Backups

Your data is safe. Always.

All data in Ayla is encrypted with AES-256 — at rest and in transit. Automatic daily backups mean your patient data is never at risk. Point-in-time recovery available. Your data is yours — full export available anytime.

  • AES-256 encryption at rest
  • TLS encryption in transit
  • Automatic daily backups
  • Point-in-time recovery
  • Full data export on request
  • Data ownership — always yours

Encryption & Backup Status

All systems operational · Protected

Encryption Layers

  • Data at Rest: AES-256 encryption
  • Data in Transit: TLS 1.3 encryption
  • Field-Level: SSN & sensitive fields

Backup Schedule

Automatic daily backups, point-in-time recovery available

  • Frequency: daily
  • Retention: 30 days
  • Encrypted: 100%
  • Export: anytime

Authentication

Only the right people get in.

Two-factor authentication, role-based access control, and session management ensure that only authorized staff can access patient data — and only the data relevant to their role.

  • Two-factor authentication
  • Role-based access control
  • Session timeout settings
  • Failed login attempt monitoring
  • Password policy enforcement
  • Audit log of all access

Authentication & Access

2FA enabled · Role-based access

Two-Factor Authentication: enabled (verification code sent to your device)

Today's Access Log

  • 8:02 AM · Dr. Martinez · Dentist · Logged in
  • 8:15 AM · Sarah K. · Hygienist · Viewed chart
  • 8:31 AM · Unknown user · Failed login
  • 8:45 AM · Maria R. · Front Desk · Logged in

Security Hardening

Built secure. Actively hardened.

Ayla has completed a full Security Risk Analysis and is actively remediating all findings. Here is exactly what we have implemented — because transparency builds trust.

bcrypt Password Hashing

All user passwords are hashed using bcrypt with an adaptive cost factor — the industry standard for secure password storage. Plain-text passwords are never stored or logged.

AES-256 SSN Encryption

Social Security numbers and other high-sensitivity identifiers are encrypted at the field level using AES-256 — separate from the database-level encryption, providing defense in depth.

XSS Protection in Clinical Notes

All user-generated content, including clinical notes, form responses, and messages, is sanitized to prevent cross-site scripting (XSS) attacks — protecting against malicious code injection.

S3 Encryption for File Storage

All uploaded files — x-rays, documents, attachments — are stored in AWS S3 with server-side encryption (SSE-S3). Files are encrypted at rest and in transit.

Secrets Removed from Codebase

All API keys, credentials, and secrets have been removed from the codebase and migrated to environment variables managed through secure infrastructure — never committed to version control.

Concurrency Hardening

Database transactions use optimistic locking to prevent race conditions and data corruption — ensuring data integrity even during simultaneous access by multiple users across operatories.
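What the optimistic-locking guard above amounts to, as an added example that is not Ayla's code: each row carries a version number, a write must present the version it read, and a mismatch is reported as a conflict instead of overwriting the other user's save. The table, row shape and chart names are assumptions; in SQL the same guard is the `WHERE id = $1 AND version = $2` clause with a zero row count meaning someone else saved first.

```typescript
// Added example, not Ayla's code: optimistic locking with a version column on an
// in-memory table; in SQL the same guard is "WHERE id = $1 AND version = $2" with a
// zero row count meaning someone else saved first. All names are assumptions.
interface ChartRow {
  id: string;
  notes: string;
  version: number; // bumped on every successful write
}

type UpdateResult =
  | { ok: true; row: ChartRow }
  | { ok: false; storedVersion: number }; // conflict: caller must re-read and merge

class ChartTable {
  private rows = new Map<string, ChartRow>();

  constructor(seed: ChartRow[]) {
    for (const r of seed) this.rows.set(r.id, { ...r });
  }

  // Readers get a copy carrying the version they must present when writing.
  read(id: string): ChartRow {
    const row = this.rows.get(id);
    if (!row) throw new Error(`chart ${id} not found`);
    return { ...row };
  }

  // The write lands only if nobody has written since the caller's read.
  update(id: string, expectedVersion: number, notes: string): UpdateResult {
    const current = this.read(id);
    if (current.version !== expectedVersion) {
      return { ok: false, storedVersion: current.version };
    }
    const next = { ...current, notes, version: current.version + 1 };
    this.rows.set(id, next);
    return { ok: true, row: { ...next } };
  }
}

// Two operatories open the same chart; the second save is refused instead of
// silently overwriting the first (the classic lost-update race).
function raceDemo(): { first: UpdateResult; second: UpdateResult; final: ChartRow } {
  const table = new ChartTable([{ id: "c1", notes: "", version: 1 }]);
  const op1 = table.read("c1");
  const op2 = table.read("c1");
  const first = table.update(op1.id, op1.version, "Composite #14, MO");
  const second = table.update(op2.id, op2.version, "Prophy, fluoride varnish");
  return { first, second, final: table.read("c1") };
}
```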

Audit Logging via tRPC Middleware

Comprehensive audit logging on every mutation and key ePHI read via tRPC middleware — every access to protected health information is recorded with user, timestamp, and action for full HIPAA accountability.

Security Risk Analysis Complete

A full HIPAA Security Risk Analysis has been completed covering administrative, physical, and technical safeguards — with active remediation of all identified findings and ongoing risk management documented in our SRA.

Battle-Tested Security

Every security measure is validated in a live clinical environment โ€” real patients, real data, real workflows. Ayla is built to handle production workloads from day one.

Most dental software vendors do not disclose their security implementation details. We do โ€” because practices deserve to know exactly how their patient data is protected.

Ready to see Ayla in action?

Book a personalized demo and see how Ayla can transform your practice.