Security & Compliance

Security is ingrained in every facet of our operations. We adhere to security protocols that exceed industry standards, maintaining a robust security stance to provide our customers with peace of mind regarding security and compliance.

Security pledge


At Prevess, your security is our pledge. Utilizing state-of-the-art TLS encryption and robust token-based authentication, we're committed to safeguarding your data.

Our resilient, auto-scalable systems are designed for business continuity.

And with GDPR compliance already in place, we're diligently working on achieving HIPAA, CCPA, and SOC 2 certifications to meet the rigorous security requirements of the healthcare and wellness sectors.

Trust us to keep your data safe, secure, and compliant.


All interactions between clients and Prevess' APIs, as well as our web applications, are secured with the latest TLS protocols—either TLS 1.2 or TLS 1.3. Internally, all communication between Prevess services is encrypted, as is communication with external services.

Data stored by Prevess is encrypted at rest using 256-bit AES encryption for utmost security.


Prevess employs API token authentication protocols for secure API access.

These tokens can be safely rotated to maintain operational continuity, even in cases where API keys may have been compromised.

For dashboard access, Prevess uses short-lived JWT tokens that offer limited value if ever leaked.

Business Continuity

Prevess is equipped with comprehensive processes and policies designed to ensure continuous operations.

Our production systems have redundancies built in, configured for both automatic failover and scaling.

Team members at Prevess undergo annual training in business continuity, complemented by regular disaster recovery exercises.


Prevess is GDPR compliant, ensuring stringent data protection measures for our European clientele.

We are actively working towards HIPAA, CCPA, and SOC 2 Type I compliance, which is coming soon. This will extend our compliance framework to better serve clients in the United States and other regulated markets.

Clients also have the option to choose their operating region to comply with data locality regulations.

In addition to these initiatives, Prevess undergoes annual third-party penetration tests and employs automatic code and network security scanners to continuously verify the security of our code, servers, and networks.