Security & compliance

Patient data, protected by design

ORbit is built for healthcare from the ground up. Every query is facility-scoped and enforced by row-level security, every change is audit-logged, and access is governed by role — so you can move fast without adding risk.

HIPAA-aligned by design

Protected health information is handled to HIPAA standards end to end — the platform was built for healthcare from the ground up, not adapted to it.

Row-level security

Facility isolation is enforced in the database itself. Row-level security on every table means a user can only ever see data within their authorized facility.

Full audit trail

Every action is logged and traceable, with audit history built into every table — so compliance and investigation never depend on reconstructing what happened.

Role-based access

Access is governed by role, so each person sees the data appropriate to their job and nothing more. The right data for the right person, by default.

Encrypted in transit

All data is transmitted over HTTPS/TLS, and stored on managed, access-controlled infrastructure (PostgreSQL via Supabase, hosting via Vercel).

No third-party tracking

ORbit does not use advertising SDKs or cross-app/cross-site tracking. Patient and operational data is for operating your facility — not for anyone else.

How your data is handled

Operational data is yours. Case milestones, timestamps, and procedural information are entered by your authorized staff and used to run and improve your facility's operations. Aggregated analytics are accessible to your authorized administrators.

Retention & deletion. Data is retained while your account is active or as needed to provide the service. Facility administrators may request deletion of facility data.

Service providers. We share data only with the providers needed to operate the service — database hosting, web hosting, and push-notification delivery — never for advertising.

For full detail, see our Privacy Policy and Terms of Service.

Have a security or compliance question?

We're happy to walk your team through how ORbit protects patient data on your own deployment.