Practice Better prioritizes the security of your data and your clients' information through comprehensive safety measures and transparent practices. Your peace of mind matters to us, and we've built multiple layers of protection to ensure your practice operates securely. For complete details, you can review our detailed Privacy Policy.
- Regulatory Compliance
- Meeting HIPAA Requirements
- GDPR Compliance
- PCI Compliance for Payment Processing
- Security in Your Browser
- Encryption Standards
- Server Storage and Backups
- Auditing and Activity Logs
Regulatory Compliance
Practice Better maintains full compliance with major healthcare and data protection regulations, including HIPAA, PIPEDA, PHIPA, and GDPR. This means you can confidently use the platform knowing it meets the strictest industry standards for protecting sensitive health information.
Review our official Privacy Policy here.
| Security Need | How Practice Better Protects You |
|---|---|
| Encryption | Your data is encrypted during transfer and while stored on our servers. We also encrypt all backups and log data to ensure comprehensive protection. |
| Minimum Necessary Access | Access controls automatically default to no access unless manually overridden, ensuring only authorized individuals can view specific information. |
| Physical Security | Our servers are maintained by an SSAE 18 provider that uses industry-leading security tools and best practices to protect the physical infrastructure. |
| Monitoring | All network requests, both successful and unsuccessful, are logged so we can monitor for any unusual activity. |
| Auditing | All log data is encrypted and unified, giving us secure access to complete historical network activity records. |
| Vulnerability Scanning | We regularly scan all customer and internal networks for potential vulnerabilities to stay ahead of security threats. |
| Backup | Your customer data is backed up every 24 hours, with 30 days of rolling backups retained for recovery purposes. |
Meeting HIPAA Requirements
If you work with protected health information in the United States, a HIPAA Business Associate Agreement (BAA) is available upon request. We're here to help you meet regulatory requirements, so please contact us if you have specific concerns about regulations outlined by your governing body.
GDPR Compliance
For practitioners working with clients in the European Union, Practice Better helps you satisfy GDPR requirements. We provide tools and guidance for obtaining proper consent and meeting other obligations under the GDPR. Learn more about GDPR compliance in our dedicated help section.
A signed Data Processing Agreement (DPA) is available upon request. Don't hesitate to reach out if you have specific concerns about GDPR compliance — our team is ready to support you.
PCI Compliance for Payment Processing
When you process payments through Practice Better, everything happens in a PCI-compliant manner. We handle subscription payments through Stripe, and we process payments on your behalf through integrations with both Stripe and Square — both are PCI Level 1 Service Providers, the highest level of payment security certification.
📍 Please note: Your clients' credit card data is never stored on Practice Better's servers. This protects both you and your clients by ensuring sensitive payment information remains with certified payment processors.
You can learn more about how our payment partners maintain PCI compliance:
Security in Your Browser
Practice Better implements several browser-level security measures to protect your account. We don't persist your password in your browser cache, and we use secure cookies with limited lifespans. If your session remains idle for the allotted timeout period, you'll be asked to re-enter your login credentials — this ensures that if you step away from your computer, your account remains protected.
Learn more about additional steps you can take to secure your Practice Better account.
Encryption Standards
All data sent between your browser and our servers is secured using industry-standard 256-bit AES encryption, the same level of encryption used by financial institutions and government agencies. We use TLS 1.2 to encrypt your data both between your browser and our servers and between our servers and other internal networks. Data stored on our servers is also encrypted using AES encryption algorithms, providing comprehensive protection at every stage.
Server Storage and Backups
Your data is stored on encrypted hard drives on servers located in North America, ensuring both security and data sovereignty.
Data backups happen nightly, so you can rest assured you won't lose sensitive information in the unlikely event of a disaster. These backups are stored for 60 days, after which they are securely purged from our system. This means if you ever need to recover information, there is a two-month window to restore it.
Auditing and Activity Logs
Practice Better uses comprehensive audit logs to record important account changes and communication with your clients. This includes updates to your password, changes to your payment information, and modifications to your subscriptions — giving you a clear record of account activity.
We also provide you with detailed activity logs showing when your clients view, sign, and complete forms and waivers. These logs include your clients' IP address and location information, which can be valuable for verification purposes. An IP address uniquely identifies a computer or mobile device on the Internet, helping confirm the identity and location of the person accessing your forms.
Locate these logs in your account:
- Click the Settings (gear) icon near the top-right of your portal and select All Settings & Preferences.
- Click Activity under the My Team heading.
- Use the available filters to refine your search by team members, specific activity events, or date range.
- Optionally, use the Export button near the top-right of this page to save your filtered Activity logs as a CSV file that you can open in spreadsheet software such as Google Sheets, Excel, or Numbers.
Need additional support? If you have questions about any of these security features or need assistance with compliance documentation, our support team is here to help. Your practice's security is our priority, and we're committed to providing you with the tools and transparency you need to protect your clients' sensitive information.