Trust Center
How we protect the people you care about and the data that comes with it.
Built for Privacy From Day One
There are no cameras in the Seniormatic system. No video is ever recorded, sent, or saved. The sensors only pick up things like motion, temperature, and whether someone is moving around their space.
Resident names are never attached to the raw data. Everything is organized so that only the people who need to see something can see it, and every time someone looks at a record, that access is logged.
HIPAA Security Controls
Here is how we protect the data that flows through the Seniormatic platform, from the sensor in the room to the dashboard on your screen.
| Control | Implementation |
|---|---|
| Encryption at Rest | AES-256 via Supabase PostgreSQL |
| Encryption in Transit | TLS 1.3 on all connections |
| Access Controls | Row-level security + role-based middleware |
| Audit Logging | Immutable audit trail for all PHI access |
| Breach Detection | Real-time monitoring via Sentry + alerting |
| BAA Coverage | Supabase Pro + Vercel Enterprise |
| Data Retention | Configurable per-facility with automated purge |
| Backup & DR | Point-in-time recovery (PITR) |
| MFA | Required for all PHI-accessing roles |
Business Associate Agreement Chain
Every company that touches your data has a signed BAA in place. No gaps in the chain.
- Customer ↔ Seniormatic (BAA)
- Seniormatic ↔ Supabase (BAA — Pro tier)
- Seniormatic ↔ Vercel (BAA — Enterprise tier)
- Seniormatic ↔ Sentry (BAA — Business plan)
Security Frameworks
The standards and best practices that guide how we build and operate.
NIST CSF 2.0
Governance structure, risk management, and continuous monitoring aligned with the Cybersecurity Framework.
OWASP Top 10
Secure SDLC baseline with CI/CD security checks. Input validation, parameterized queries, CSP headers.
SOC 2 Type II
Future certification target. Policy documentation and evidence collection in progress.
Accessibility (WCAG 2.2 AA)
Our platform is built so that everyone can use it, regardless of ability or the device they are on.
| Criterion | How We Meet It |
|---|---|
| Target Size (Minimum) | All interactive elements meet the 44x44px minimum touch target requirement. |
| Focus Not Obscured | No sticky overlays or banners obstruct the keyboard focus indicator. |
| Consistent Help | Help and contact options appear in the same location on every page. |
| Accessible Authentication | Passkey support, no CAPTCHAs, no memory-heavy authentication flows. |
| Color Contrast | 7:1 ratio (AAA) for body text, 4.5:1 for large text and UI components. |
| Text Resize | Fluid typography with no content loss at 200% browser zoom. |
| Keyboard Navigation | Full keyboard support with visible focus indicators throughout. |
Have questions about security or compliance?
We are happy to walk you through everything. Start with a pilot and see it firsthand.