Security & Compliance

Enterprise-grade security, built for healthcare

Healthcare runs on trust and accountability. ArrivSure is built from the ground up to protect resident and visitor data, prove compliance on demand, and stand up to an audit, a survey, or a subpoena.

HIPAA Aligned
BAAs available on request
AES-256 at Rest
Encrypted storage
TLS 1.3 in Transit
Encrypted connections
Audit-Ready
Immutable activity logs
Data Protection

Protected at every layer

Security isn't a setting you turn on — it's how ArrivSure is built.

Encrypted at rest & in transit

All data is encrypted with AES-256 at rest and TLS 1.3 in transit — from the kiosk in your lobby to the dashboard on your desk.

Granular role-based access

Company, facility, and receptionist roles with per-user permission overrides. Healthcare/PHI access is gated off by default and granted only where needed.

No selling, no tracking

We never sell personal information. Our apps ship with zero third-party advertising or cross-app tracking SDKs.

Biometric app security

The staff Companion app supports Face ID / Touch ID app lock, with tokens stored in the device Keychain and re-auth after inactivity.

Physical tenant isolation

Data-feed directories are chrooted per company, and identity always comes from the SFTP account — never from what a file claims — so one tenant can never reach another's data.

Access that self-expires

Staff accounts provisioned from a roster feed are deactivated automatically the moment the employee leaves it, so access never outlives employment.

Audit Trail

An immutable record of everything

ArrivSure captures a complete, append-only audit log across your whole organization — the evidence you need for a HIPAA audit, SOC 2 review, or state survey, in one exportable place.

Every login, page view, and data export — with IP, device, and session context
Field-level change history on records, showing exactly what changed and who changed it
Access-denial events captured, not just successful actions
Signature audit trails on every signed document
Signatures re-trigger automatically when a document is renewed or its content changes
Filterable dashboard and one-click export for surveyors and auditors
Secure Messaging

Staff messaging that survives an audit

Replace personal texts and group chats with internal messaging that's encrypted at rest and cryptographically verifiable — so sensitive coordination stays inside a system you control.

Messages encrypted at rest, isolated per organization
Append-only history with redaction-over-deletion and a documented reason
A tamper-evident SHA-256 audit chain that can be verified end to end
Real-time delivery with read receipts, reactions, and attachments
Visitors and families are excluded — staff-only by design
e-Discovery

Legal holds & e-discovery, built in

When litigation or a subpoena hits, you're ready. ArrivSure includes enterprise legal-preservation tooling most visitor-management platforms simply don't have.

Place defensible legal holds by custodian, conversation, or date range
Nightly re-materialization keeps held records safe from retention purges
Forensic full-text search — exact, boolean, fuzzy, or regex
Reviewer tagging: responsive, privileged, key, or not-relevant
Chain-of-custody exports with per-record and bundle SHA-256 manifests
Access Control

Least-privilege by default

Role tiers & overrides

Global, company, and facility admins plus receptionists — with per-user permission overrides and reusable templates.

PHI access gating

Healthcare data is walled off behind a dedicated permission that's disabled until explicitly granted.

Audited support access

Support impersonation / view-as is fully logged, so every action taken on your behalf is accountable.

Need a BAA or a security review?

We're happy to walk your compliance team through our security practices and sign a Business Associate Agreement. Let's talk.

Talk to us