Security
Last updated: June 11, 2026
Titrately handles clinical data for ADHD medication titration. Security is foundational, not an afterthought. This page describes our security architecture and practices.
Encryption
TLS 1.3 for all data in transit. AES-256-GCM for sensitive fields at rest. No plaintext MRNs or PHI stored.
Data Isolation
PostgreSQL Row-Level Security enforces host-level isolation at the database layer. Every query is scoped to a single host.
Authentication
JWT with short-lived access tokens (1h) and separate refresh tokens (7d). bcrypt password hashing. SMART-on-FHIR OAuth2 with PKCE.
Audit Trail
Append-only audit log on all clinical tables. UPDATE and DELETE revoked on audit_log. Every data access recorded.
Architecture
Network Security
- TLS 1.3 only (TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256).
- HTTP/2 with HSTS preload (max-age 2 years).
- Apache mod_security WAF with request body limits.
- Rate limiting at both reverse proxy and application layers.
- Content Security Policy restricting resource origins.
Application Security
- Helmet.js security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy).
- Joi input validation on all 15 API schemas with strict type checking.
- Parameterized SQL queries throughout (no string interpolation in queries).
- RLS context set via parameterized
set_config().
- CORS restricted to configured host origins.
Database Security
- 4 PostgreSQL roles with principle of least privilege (API, worker, readonly, export).
- Row-Level Security on all clinical tables (11 tables, 11 policies).
- Crash-safe RLS using
NULLIF(current_setting(..., true), '')::UUID.
- Audit triggers on all 11 clinical tables.
- Automated daily backups with retention policy.
Data Protection
- MRNs tokenized (SHA-256) before storage; never stored in plaintext.
- Export pipeline strips PHI defense-in-depth before research data leaves the system.
- Research exports gated on verified consent scope.
- Host anonymization via one-way hash in exported datasets.
Infrastructure
- Debian 12 bare metal (no shared tenancy).
- PM2 process manager with cluster mode for API redundancy.
- Redis 7 with database-per-function separation (queues, sessions, cache, rate-limit).
- PostgreSQL 16 with connection pooling and SSL support.
Incident Response
In the event of a security incident affecting clinical data:
- Affected host organizations notified within 24 hours.
- Audit logs preserved and made available for investigation.
- Root cause analysis and remediation documented.
- HIPAA breach notification procedures followed as applicable.
Responsible Disclosure
If you discover a security vulnerability, please report it to security@titrately.com. We commit to acknowledging reports within 48 hours and providing a resolution timeline within 7 days.