
Security & Compliance

Security you can trust, compliance you can prove

Your clients trust you with their most sensitive information. We take that responsibility seriously with enterprise-grade security and full HIPAA compliance.

HIPAA Compliant

Full regulatory compliance

256-bit Encryption

AES-256 at rest & in transit

99.9% Uptime

SLA guaranteed

Our approach to security

At Mente360, security isn't an afterthought—it's foundational. Every feature, every line of code, and every infrastructure decision is made with the protection of your clients' data in mind.

We understand that mental health data is among the most sensitive information that exists. That's why we've built our platform to exceed HIPAA requirements and follow security best practices used by financial institutions and healthcare enterprises.

HIPAA Compliance

Mente360 is fully HIPAA compliant. We implement the administrative, physical, and technical safeguards required by the HIPAA Security Rule to protect electronic Protected Health Information (ePHI).

  • Administrative Safeguards

    Security policies, workforce training, risk assessments, and incident response procedures.

  • Physical Safeguards

    Data center security, workstation policies, and device controls.

  • Technical Safeguards

    Access controls, encryption, audit logs, and transmission security.

Business Associate Agreement

HIPAA requires a BAA between covered entities (you) and business associates (us). We provide a signed BAA at no additional cost with every plan.

  • Included with all pricing tiers
  • Electronic signature during onboarding
  • Download anytime from your account

Technical Security

Data Encryption

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted database backups
  • Key management via HSM

Access Controls

  • Role-based permissions
  • Multi-factor authentication
  • Session timeout controls
  • IP allowlisting (Enterprise)

Audit Logging

  • Complete activity history
  • User, timestamp, IP tracking
  • Exportable audit reports
  • 7-year retention

Application Security

  • Regular penetration testing
  • Vulnerability scanning
  • Secure development practices
  • Dependency monitoring

Infrastructure

  • SOC 2 certified data centers
  • US-based data storage
  • DDoS protection
  • 24/7 monitoring

Backup & Recovery

  • Daily encrypted backups
  • Geographic redundancy
  • Point-in-time recovery
  • Disaster recovery plan

Data Privacy

You own your data

Your practice data belongs to you. We are custodians, not owners. You can export all your data at any time, and we will never sell, share, or use your data for purposes other than providing the Mente360 service.

  • Full data export available anytime
  • Data deleted upon account closure
  • No data selling or sharing

Data retention

We retain your data for as long as your account is active. Upon account closure, data is retained for 30 days (allowing for reactivation), then permanently deleted.

  • 30-day retention after closure
  • Permanent deletion available on request
  • Audit logs retained 7 years

Security questions or concerns?

Our security team is available to answer questions, provide documentation, or discuss your specific compliance requirements.
