How we protect your practice.

1. Encryption

All traffic between your device and Integro is encrypted in transit using TLS 1.2 or higher. Practice data at rest is encrypted with AES-256, with keys managed by our cloud provider and rotated on a regular schedule.

2. Authentication

We support passwordless sign-in links, strong passwords with bcrypt hashing, and two-factor authentication via authenticator apps. Sessions can be revoked individually from Me → Email & Password → Sessions.

3. Access control

Access to production systems is limited to a small set of engineers and requires SSO with hardware-backed second factor. Administrative actions are logged and retained for 365 days.

4. Infrastructure

Integro runs on Amazon Web Services in the US. We use a hardened baseline, automated vulnerability scanning, and dependency updates that flow through our CI pipeline weekly.

5. Backups & continuity

Practice data is backed up daily with point-in-time recovery for the last 30 days. Backups are encrypted and stored in a separate region from primary storage.

6. Responsible disclosure

We welcome reports from security researchers. Email security@integro.today with a clear description, steps to reproduce, and any proof-of-concept. We commit to:

• Acknowledging your report within two business days.
• Keeping you updated as we investigate.
• Not pursuing legal action against researchers who act in good faith.
• Crediting you, if you'd like, once a fix ships.

7. What to do if your account is compromised

If you suspect unauthorized access, change your password immediately and email security@integro.today. We can help you review recent sessions, revoke tokens, and restore any data that was altered.

Questions about this document? Reach us at legal@integro.today.