Learn how PR-TOP protects your clients' most sensitive data with industry-leading security measures.
All sensitive client data stored in our database is encrypted using AES-256, the same standard used by banks and government agencies. Each record is encrypted with a unique initialization vector, ensuring that even identical data produces different ciphertext.
Database backups inherit the same encryption, so your data remains protected even in cold storage.
Every connection between your browser and PR-TOP servers is secured with TLS 1.3, the latest and most secure transport layer protocol. This prevents eavesdropping, tampering, and man-in-the-middle attacks.
We enforce HSTS (HTTP Strict Transport Security) headers with a two-year duration to ensure your browser never accidentally downgrades to an unencrypted connection.
Beyond database-level encryption, PR-TOP applies a second layer of application-level encryption to all Class A sensitive data before it reaches the database. This means that even a database administrator cannot read the data without the application encryption keys. Class A data includes:
Encryption keys are derived from a master key that is stored separately from the database. The master key is never committed to source code and is injected at runtime through secure environment variables.
Key rotation procedures are supported to periodically refresh encryption without disrupting service availability.
PR-TOP is designed so that the platform operators cannot access your clients' sensitive data. All encryption and decryption happens within the application layer, and only authorized therapists with valid authentication tokens can trigger decryption.
Even in the event of a server breach, the attacker would only find encrypted ciphertext — not readable client data.