Security

Your data is sacred to us

Medical data demands the highest standard of protection. We built HistoCraft with security at every layer, not as an afterthought.

Authentication

  • Magic link login. You receive a one-time link by email. No password to remember, no password to steal.
  • Each link expires after a single use and a short time window. If someone intercepts it, it is already worthless.
  • No credentials stored on our servers. Nothing to leak in a breach.

Data Protection

  • All traffic encrypted with TLS. Data in transit is unreadable to anyone except the intended recipient.
  • Database backups are encrypted at rest. Even if storage media were stolen, the data would be useless.
  • Secure infrastructure with regularly updated dependencies and patches.

Access Control

  • Role-based access control. Administrators, pathologists, residents, and secretaries each see only what they need.
  • Per-user permissions that can be customized by institution. Granular control over who can create, edit, or export.
  • Multi-lab support with strict data isolation between organizations.

Audit Trail

  • Every action is logged: who did what, when, and from where.
  • Case creation, edits, exports, and even login events are recorded permanently.
  • Full traceability for compliance audits and internal reviews.

Session Management

  • Device tracking shows you every active session. Revoke any session with one click.
  • Concurrent session limits prevent a single account from being shared inappropriately.
  • Automatic session expiration after periods of inactivity.

Infrastructure

  • Containerized deployment with Docker for process isolation and reproducibility.
  • SSL certificates enforced on all connections. No unencrypted traffic, ever.
  • Firewall rules restrict access to only the ports and services that are needed.

Our Privacy Promise

We will never use your data to train AI models. We will never sell your data to third parties. We will never share your data with advertisers. Your cases, your templates, and your patients' information exist for one purpose: to help you do your work.

If you choose to delete your account, we delete everything. No archives, no backups retained, no exceptions.

Questions about security?

We are happy to discuss our security practices in detail. Reach out anytime.