Security & Compliance
Innerwork and BloomPaws handle sensitive health data for children, families, and pets. Security is not an afterthought — it's foundational to everything we build.
Security Practices
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are rotated automatically every 90 days.
Every user on both platforms operates within a scoped permission model. Least-privilege principles are enforced at the API and application layer.
All data access and modification events are immutably logged with user, timestamp, IP, and change details — retained for 7 years.
Hosted on SOC 2-certified cloud infrastructure. Private VPCs, firewall rules, DDoS protection, and WAF enabled across all environments.
Annual third-party penetration tests and continuous automated vulnerability scanning across all production systems.
Multi-factor authentication enforced for admin accounts. Enterprise SSO (SAML 2.0, OIDC) available for enterprise tenants.
Compliance & Certifications
Data subject rights, processing agreements, and EU data residency options available.
Designed to support HIPAA requirements for covered entities. BAA available on Enterprise plans.
Annual SOC 2 Type II audit conducted by an independent third-party auditor.
Information security management aligned with ISO 27001 controls. Certification in progress.
Vulnerability Disclosure
If you believe you have found a security vulnerability in any BloomSenzAI system, please report it responsibly. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours.
Report to: security@bloomsenz.com
Please do not publicly disclose vulnerabilities before we have had a reasonable time to address them. We appreciate responsible disclosure.