Application security
Protecting your therapyBOSS account
Two-factor authentication
Required for web access from unrecognized devices. Remembered for 30 days if browser cookies are enabled.
Permission-based access
Office staff accounts are permission restricted. Clinicians only have access through their own interfaces and only to assigned patients.
User management
One place to add and manage office staff. Last login timestamp to monitor activity. Lockout for failed login attempts. Related email notifications.
User data security
Protecting your data in therapyBOSS
Data encryption
All data communication is encrypted with TLS 1.2. For data in storage, AES 256 bit encryption is employed.
Mobile app encryption
Mobile app stores data on devices to be able to work offline. This data is secured with AES 256 bit encryption.
Encoded passwords
Account passwords are hashed in the database to be indecipherable. Forgotten passwords must be reset.
Data center security
Protecting our networks and infrastructure
Virtual Private Cloud
Hosted in a dedicated private cloud. Firewall rules and software defined networking with all connections encrypted.
World-class hosting
Local (Chicago area) data center. SSAE18 Type 2, SOC1, SOC2 compliance. 24/7 physical security and protection.
Access controls
Access into production networks is restricted by IP address and possible only by a few authorized members of our team.
Disaster recovery
Ensuring business continuity
Redundancy
Every component of our network infrastructure is essentially duplicated to deliver resiliency in the face of system failures.
Data backup
Comprehensive backup strategy ensures that all data is backed up frequently and backups are ready for restoration.
Stand-by data center
Real-time data replication to a geographically separated hosting environment for seamless continuity.