Data Protection

All data stored by AlignSure is encrypted with AES-256. PHI fields receive additional column-level encryption for defense-in-depth.

All communications use TLS 1.2 or higher. This includes:

  • Browser to application
  • Application to API
  • API to database
  • API to Microsoft Graph

Encryption keys are managed through a dedicated key management service:

  • Automatic key rotation on a defined schedule
  • Keys are never stored alongside encrypted data
  • Key access is audited and restricted to infrastructure operations

AlignSure processes data in the United States. Customer data does not leave US-based infrastructure.

  • Active customer data is retained for the duration of the service agreement
  • Upon termination, customer data is deleted within 30 days
  • Audit logs are retained per regulatory requirements (minimum 6 years for HIPAA)
  • Customers can request data export at any time

  • Automated daily backups with point-in-time recovery
  • Backups are encrypted with the same AES-256 standard
  • Backup restoration is tested regularly
  • Backups are stored in geographically separate locations