Security and trust
A tool you can recommend without flinching.
You hold your clients to a standard. The software you use to do it has to clear the same bar. Here is how Provra is built, in plain language you can verify.
Tenant isolation
Each practice's data is held in an isolated database schema. Access is scoped to the authenticated practice on every request, so one practice can never reach another's data.
Authentication
Multi-factor authentication is required for every account. There is no setting to turn it off.
Encryption
Data is encrypted in transit (TLS) and at rest. The most sensitive fields are encrypted at the field level, above and beyond storage encryption.
Access control
Access is role-based and deny-by-default. A user sees only what their role grants, and nothing is exposed unless a rule explicitly allows it.
Auditability
Access to client data is recorded in an append-only audit trail. The record of who accessed what cannot be quietly altered after the fact.
Payments
Billing is handled by Stripe with hosted checkout. Card data never touches Provra servers. The marketing site and the app contain no card fields.
Questions from a security buyer
The controls above are in place today. If you are evaluating Provra for a client and need detail beyond this page, or want to talk through our compliance roadmap, reach us at [email protected]. A Data Processing Agreement is available on request, and you can review our subprocessors.
Bring Provra to your next engagement.
Start a free trial, or book a call to walk through the security model with us.