Security Architecture
AlignSure is designed for organizations that handle protected health information (PHI) and other regulated data.
Infrastructure
Section titled “Infrastructure”- Authentication — Microsoft Entra ID (OAuth 2.0 / OpenID Connect)
- API — HTTPS-only (TLS 1.2+)
- Database — PostgreSQL with tenant isolation at the application and database layer
- Encryption at rest — AES-256 for all stored data; column-level encryption for PHI fields
- Encryption in transit — TLS 1.2 or higher for all communications
- Key management — Dedicated key management service with automatic rotation
Tenant Isolation
Section titled “Tenant Isolation”Each customer operates in a logically isolated environment:
- Application-level tenant context enforced on every request
- Database-level row isolation with tenant identifiers
- No cross-tenant queries are possible through the application layer
- Isolation is validated through automated testing and periodic penetration testing
Access Control
Section titled “Access Control”- All user access requires Microsoft Entra ID authentication
- No local accounts, shared logins, or API keys for user access
- Administrative access requires Privileged Identity Management (PIM) with just-in-time elevation
- All access is logged in immutable audit records
Network Security
Section titled “Network Security”- All endpoints are HTTPS-only
- API rate limiting and abuse detection
- DDoS protection at the infrastructure layer
- No direct database access from the public internet
Monitoring
Section titled “Monitoring”- Infrastructure monitoring with alerting
- Application-level audit logging for all compliance-relevant actions
- Anomaly detection for unusual access patterns
- Incident response procedures with documented escalation paths