CommunityBridge Security Overview
Starter document for prospect review. Finalize with deployment-specific details before distribution.
Important: Do not describe CommunityBridge as HIPAA compliant, fully secure, or encrypted at rest unless those items have been validated for the actual deployment environment and documented by the appropriate technical, legal, and compliance owners. |
Security posture summary
CommunityBridge includes application-level capabilities relevant to privacy-conscious organizations, including role-based experiences, authentication flows, administrative controls, and support for policy-facing materials such as privacy, support, and terms pages. Security posture still depends on the actual hosting environment, configuration, account-management practices, logging, vendor agreements, and operational safeguards in place.
Application-level evidence reflected in the workspace
- Role-based navigation for administrator, therapist, and parent-oriented workflows
- Authentication and token-based access patterns in the application codebase
- Administrative surfaces for moderation, permissions, alerts, user oversight, and export-related workflows
- Public privacy, terms, and support pages already present on the public-facing website
- Configuration surfaces for notifications, support email, build configuration, and environment variables
Items to confirm before customer security review
Topic | Status to confirm | Owner |
Hosting and infrastructure | Cloud/provider, region, access model, backups, hardening, disaster recovery | DevOps / Engineering |
Encryption controls | Transport encryption, storage encryption, key management, device storage treatment | Engineering / DevOps |
Access administration | Provisioning, role review, offboarding, admin approval model | Engineering / IT |
Logging and monitoring | Audit logs, alerting, retention, support access, incident workflows | Engineering / Compliance |
Vendor agreements | BAA availability and vendor/subprocessor review | Legal / Compliance |
Safe external language
- CommunityBridge supports privacy-conscious communication and coordination workflows.
- Security and privacy practices can be reviewed as part of the customer evaluation process.
- Any compliance determination should reflect the exact deployment and contractual environment.