Built Secure From the Ground Up
She Signal handles sensitive compliance data for healthcare professionals every day. That's a responsibility we take seriously — here's exactly how we protect it.
Your data stays yours — encrypted, always.
We apply military-grade encryption to every byte of data She Signal touches — whether it's moving between servers or sitting at rest in our database.
End-to-End Encrypted Messages
Every SMS alert, renewal reminder, and compliance notification is encrypted end-to-end. Nobody — including us — can read the content of your messages in transit.
AES-256 at Rest & in Transit
All stored data — license records, alert histories, account details — is protected with AES-256 encryption. The same standard used by the U.S. federal government.
Zero Data Selling. Ever.
Your personal and professional information is yours. We don't sell, trade, or license your data to third parties — advertisers, brokers, or anyone else. Full stop.
Secure Key Management
Cryptographic keys are managed via hardware security modules (HSMs) and rotated on a defined schedule. Compromised keys are revoked and rotated within minutes.
We only know what we need to know.
Monitoring licenses across 100+ state boards means we need to know which states you're licensed in — nothing more. No GPS, no precise location, no behavioral tracking. Here's our full commitment.
- Only state/jurisdiction-level data is ever collected
- No GPS coordinates, IP-based location, or device tracking
- Location data is never shared with advertisers or analytics platforms
- You can delete all location-related data at any time
- Full transparency: see exactly what data we hold via your account dashboard
Minimal Collection by Design
We collect only the state-level jurisdiction data required to monitor your licenses. We do not track, store, or transmit precise GPS coordinates at any point.
Transparent Data Use
Location data (state/jurisdiction) is used exclusively to query the correct state board APIs on your behalf. It is never shared with marketing partners or analytics platforms.
Reliable infrastructure you can depend on.
Compliance alerts have zero tolerance for downtime. Our infrastructure is engineered to stay online — and secure — around the clock.
Cloud-Native, Multi-Region Infrastructure
She Signal runs on SOC 2-certified cloud infrastructure distributed across multiple geographic regions, ensuring resilience against outages and data-center failures.
99.9% Uptime SLA
Our architecture is built for reliability. Automated failover, load balancing, and real-time health monitoring keep your alerts firing on schedule — no matter what.
Continuous Security Monitoring
Intrusion detection, anomaly alerts, and automated threat response run 24/7. Security incidents are triaged and escalated to our on-call team within minutes.
Audit Logging
Every access event, configuration change, and data export is immutably logged and retained for 12 months, supporting compliance and forensic investigations.
We test our own defenses — relentlessly.
Assuming you're secure isn't good enough. She Signal undergoes continuous and scheduled adversarial testing so vulnerabilities are found by us — before anyone else does.
Bi-Annual Penetration Tests
We engage independent third-party security firms to conduct full-scope penetration tests twice a year, covering web, API, and mobile attack surfaces.
Continuous Vulnerability Scanning
Automated scanners run against our codebase, dependencies, and infrastructure daily. Critical CVEs are patched within 24 hours of disclosure.
OWASP Top 10 Compliance
Our development lifecycle includes mandatory OWASP Top 10 reviews for every major release, enforced via static analysis and peer code review.
Dependency & Supply-Chain Audits
Every third-party library and dependency is tracked, audited, and pinned to verified versions. We monitor for supply-chain compromises in real time.