Data protection
- Encryption in transit (TLS 1.2+) and at rest with envelope keys.
- Scoped service accounts with least-privilege access to Supabase and S3.
- Customer data isolation by tenant and per-environment controls.
Security
Built for protected health data
Security controls that cover the kiosk edge, cloud platform, and operational practices.
Platform security
- Mandatory MFA and hardware security keys for privileged access.
- Weekly vulnerability scanning, SBOM tracking, and dependency alerts.
- 3rd-party penetration testing twice annually with remediation SLAs.
Device & network
- Signed firmware, secure boot, and tamper-evident kiosk enclosures.
- Network allowlists with outbound-only connections to platform APIs.
- Remote monitoring for camera health, calibration drift, and anomalous sessions.
Security questionnaire or attestation needed?
Email security@eyekiosk.store for SOC reports, pen test summaries, or to schedule a controls review.