Security & Privacy
Echo is built with healthcare data protection as a foundational requirement, not an afterthought.
Multi-Tenant Isolation
Each organization operates in a logically isolated tenant with header-based routing.

Institutional tenants are logically isolated at the gateway and data layer. Cross-tenant data access is not permitted.
System Architecture
Microservices architecture with centralized authentication and authorization.

Security Controls
Authentication
JWT-based authentication with refresh token rotation and session management.
Authorization
Role-based access control (RBAC) with tenant-scoped permissions.
Encryption
TLS 1.3 for data in transit, AES-256 for data at rest.
Audit Logging
Comprehensive audit trails for all data access and modifications.
Compliance
HIPAA-aligned data handling practices
SOC 2 Type II controls in progress
Regular third-party security assessments
Operating Model
How the platform behaves under normal and adverse conditions.
Governance by Default
All requests pass through tenant identification, entitlement validation, and audit logging before execution.
Fail-Closed Safety
Unknown tenant state, missing entitlement, or ambiguous identity denies by default.
Evidence Over Claims
Every enforcement decision is observable, timestamped, and reviewable.
Tenant Boundaries Are Sacred
Cross-tenant data access is technically prevented at gateway and data layers.
Operational Clarity
Service health, latency, and policy enforcement events are measurable in real time.
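An added sketch (not Echo's own code) of the request order described under Governance by Default and Fail-Closed Safety: tenant identification, then identity, then entitlement, with every decision audited and any unknown or error path denied. The header name, the tenant and entitlement tables, the claim fields and the reason strings are assumptions, and `claims` stands for JWT claims whose signature has already been verified.

```python
import time

TENANT_HEADER = "x-tenant-id"  # hypothetical header name
TENANTS = {"clinic-a": "active", "clinic-b": "suspended"}      # constructed sample state
ENTITLEMENTS = {("clinic-a", "clinician"): {"records:read"}}   # constructed sample grants
AUDIT_LOG = []  # stand-in for an append-only audit sink


def audit(decision, reason, tenant, subject, action):
    """Record a timestamped enforcement decision and return it."""
    event = {"ts": time.time(), "decision": decision, "reason": reason,
             "tenant": tenant, "subject": subject, "action": action}
    AUDIT_LOG.append(event)
    return event


def authorize(headers, claims, action):
    """Allow only when every check passes; anything else is an audited deny."""
    tenant = subject = None
    try:
        tenant = headers.get(TENANT_HEADER)
        subject = claims.get("sub") if claims else None
        # 1. Tenant identification: absent, unknown or non-active state denies.
        if not tenant or TENANTS.get(tenant) != "active":
            return audit("deny", "unknown_tenant_state", tenant, subject, action)
        # 2. Identity: the routing header must agree with the token's tenant claim.
        if not subject or claims.get("tenant") != tenant:
            return audit("deny", "ambiguous_identity", tenant, subject, action)
        # 3. Entitlement: the tenant-scoped role must explicitly grant the action.
        granted = ENTITLEMENTS.get((tenant, claims.get("role")), set())
        if action not in granted:
            return audit("deny", "missing_entitlement", tenant, subject, action)
        return audit("allow", "entitled", tenant, subject, action)
    except Exception:
        # An evaluation error is not a pass: fail closed and keep the evidence.
        return audit("deny", "evaluation_error", tenant, subject, action)


if __name__ == "__main__":
    ok = {"sub": "u1", "tenant": "clinic-a", "role": "clinician"}
    for hdr, cl, act in [({TENANT_HEADER: "clinic-a"}, ok, "records:read"),
                         ({TENANT_HEADER: "clinic-b"}, ok, "records:read"),
                         ({}, ok, "records:read")]:
        print(authorize(hdr, cl, act))
```

The mismatch check in step 2 is what keeps a client-supplied routing header from selecting a tenant other than the one the token was issued for.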