Built with security at the core.
You're trusting us with patient relationships. Here's how we protect that trust at every layer of the platform.
Data encryption
All data is encrypted in transit with TLS 1.2+ and at rest using AES-256 on managed Postgres infrastructure. Connections to the platform run over HTTPS only.
Row-level data isolation
Every practice's data lives behind row-level security policies enforced at the database. A signed-in user can only read or write rows that belong to their own practice — there is no shared trust boundary between accounts.
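The following is an added example, not weHivv's code or schema: one way row-level isolation of this kind can be expressed in PostgreSQL, assuming the application places the signed-in user's practice ID in a transaction-local setting. The table, column, role and setting names (`patients`, `practice_id`, `app_user`, `app.practice_id`) are hypothetical.

```sql
-- Added example; all table, column, role and setting names are hypothetical.
-- Assumes PostgreSQL 13+ and a scratch database, run as a superuser.
CREATE TABLE practices (id uuid PRIMARY KEY, name text NOT NULL);
CREATE TABLE patients (
    id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    practice_id uuid NOT NULL REFERENCES practices (id),
    full_name   text NOT NULL
);

-- Constructed sample data, loaded before the policy is switched on.
INSERT INTO practices VALUES
    ('11111111-1111-1111-1111-111111111111', 'Practice A'),
    ('22222222-2222-2222-2222-222222222222', 'Practice B');
INSERT INTO patients (practice_id, full_name) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Sample Patient A1'),
    ('22222222-2222-2222-2222-222222222222', 'Sample Patient B1');

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
-- Superusers and roles with BYPASSRLS still skip them, so the application
-- must not connect as either.
ALTER TABLE patients ENABLE ROW LEVEL SECURITY;
ALTER TABLE patients FORCE ROW LEVEL SECURITY;

-- USING filters the rows visible to SELECT/UPDATE/DELETE.
-- WITH CHECK rejects an INSERT/UPDATE that would place a row in another practice.
-- An unset or empty setting becomes NULL, so the predicate matches no rows
-- (the policy fails closed).
CREATE POLICY practice_isolation ON patients
    FOR ALL
    USING (practice_id = NULLIF(current_setting('app.practice_id', true), '')::uuid)
    WITH CHECK (practice_id = NULLIF(current_setting('app.practice_id', true), '')::uuid);

-- Application role: owns nothing, has no BYPASSRLS attribute.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON patients TO app_user;

-- One request made on behalf of a Practice A user.
BEGIN;
SET LOCAL ROLE app_user;
-- Third argument true = transaction-local, so the value does not persist
-- on a pooled connection that is later reused for another practice.
SELECT set_config('app.practice_id', '11111111-1111-1111-1111-111111111111', true);
-- USING hides Practice B's row from this unfiltered query.
SELECT full_name FROM patients;
-- WITH CHECK refuses this write because it targets Practice B.
INSERT INTO patients (practice_id, full_name)
VALUES ('22222222-2222-2222-2222-222222222222', 'Cross-practice write');
ROLLBACK;
```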
OAuth token security
Tokens for connected accounts (Meta, Google, Microsoft, Mailchimp, Twilio) are stored server-side and never returned to the browser. Only short-lived, scope-limited tokens are used to publish on your behalf.
HIPAA awareness + BAA
weHivv acts as a Business Associate for healthcare-adjacent practices. A Business Associate Agreement (BAA) is available upon request for practices subject to HIPAA. Email privacy@wehivv.com to start the BAA process.
Audit logging
Sensitive actions — patient data access, exports, integration changes, and team membership changes — are recorded with the actor, timestamp, and resource so practice owners can review activity at any time.
Incident response
If you believe you've found a security issue, email security@wehivv.com. We acknowledge reports within one business day and will coordinate a fix and disclosure timeline with you.
Contact security
For vulnerability reports, BAA requests, or any security question, email security@wehivv.com. For privacy and data-deletion requests, email privacy@wehivv.com.
