Security at DisabilityProAI

Because we handle your clients’ medical and legal records, security isn’t an afterthought—it’s baked into every layer of the platform.

Data Protection

Encryption in Transit

All traffic travels over TLS 1.3 with HSTS pre-loading. Your data is unreadable to anyone on the wire.

Encryption at Rest

Database files, object storage, and backups are encrypted with AES-256. Even if disks were removed, content stays protected.

Daily Encrypted Backups

Automated point-in-time snapshots with 35-day retention for rapid recovery.

Application-Level Controls

Row-Level Security

Every query is evaluated so users only see their own cases, documents, pages, and chat history.

Fine-grained Storage Policies

Documents live in a private storage bucket, and storage policies verify both the bucket and the case owner before any file is read or written.

Normalized Filenames

Uploaded files are renamed to random UUIDs so the original filename can never be used for path-traversal or executable-upload attacks.

Two-Factor Authentication

Time-based one-time passwords (TOTP) supported for all accounts; admins can require it workspace-wide.

Rate-Limiting & Brute-Force Defense

Sign-in, chat, and upload endpoints throttle repeated attempts by IP and account to stop automated attacks.

Anti-CSRF Guard

API routes validate the Origin header and reject state-changing requests from unauthorized domains.

XSS Hardening

All content is sanitized with an allow-list cleaner before reaching the browser.

Security Headers

Every response carries a strict Content-Security-Policy, X-Frame-Options: DENY, Referrer-Policy: same-origin, and a Permissions-Policy that disables camera, microphone, and geolocation.

Infrastructure Safeguards

1. Serverless, Immutable Deployments

Each deploy is a fresh build on Vercel’s edge network with automatic rollback. No long-lived servers to patch.

2. Global Edge Network with WAF

Vercel’s managed network terminates TLS, filters malicious traffic, and enforces WAF rules before a request reaches our app.

3. Private Database Networking

The database is not addressable from the public Internet; only the application and the admin bastion can connect.

4. Google Cloud Platform (GCP)

AI processing runs on GCP Cloud Run with dedicated service-account authentication and no public access. Data stays within US regions.

5. Automatic Vulnerability Patching

Underlying runtimes receive security updates as soon as they are published.

Monitoring & Incident Response

Real-time log streaming to an external SIEM for long-term retention and anomaly detection.
Custom alerts for failed login bursts, abnormal upload sizes, and unexpected database policy violations.
24×7 automated health checks — unhealthy instances are rerouted and replaced automatically.
Quarterly disaster-recovery drills — full-stack restores from backup to verify every step is repeatable.

Compliance-Friendly by Design

HIPAA-ready Architecture

Encryption everywhere, audit logging, and strict access controls form the foundation required for handling PHI.

Data Residency

All primary and backup data stays within U.S.-based data centers.

Least-privilege Access

Internal staff accounts are scoped to the minimum set of projects and actions they need to support you.

Our Commitment

We continually review new controls and run third-party penetration tests to keep raising the bar. If you have security questions, need our latest penetration-test summary, or want to report a vulnerability:

security@disabilityproai.com

PGP key available on request