Security

Last reviewed 2026-06-15

Pyrenth is run by Pyrenth LLC. We build Pyrenth for clinics and practices that handle health records, so we treat security as part of the product, not an add-on. This page explains in plain terms how we protect the data we hold and how to tell us about a problem. The detailed framework-by-framework evidence lives in the Trust Center.

Encryption

Every piece of data Pyrenth stores is encrypted while it sits on disk. Every connection to Pyrenth is encrypted while the data moves over the network. We use FIPS 140-validated cryptography for both, the same standard federal agencies require. The data stays inside the United States.

HIPAA and substance use records

When a practice signs up, the practice is the covered entity under HIPAA and Pyrenth LLC is the business associate. Every customer practice signs a Business Associate Agreement with us before any real patient data moves into the system. Substance use disorder records get the extra protection 42 CFR Part 2 requires. The consent check that controls who can open those records runs in the code itself, not on a paper checklist.

Audit logging

The signed-in application writes an audit log entry every time a clinician opens a patient chart or changes a record. The log records who did it, when, and from where. That log belongs to the practice. We produce it for them on request, including for an audit or a legal request.

Access and sign-in

People sign in with an email, a password, and a second factor. Each person sees only the data their role allows, and Pyrenth scopes every record to one organization so one practice can never see another practice's data.

If something goes wrong

If we find or are told about a breach of unsecured patient data, we tell the affected practice without unreasonable delay and within the window HIPAA sets, and we give them what they need to meet their own notice duties. We keep records of how we found the problem, what we did to contain it, and what we changed so it does not happen again.

Federal frameworks

Pyrenth maps its controls to 11 federal and industry frameworks, including NIST 800-53, FIPS 140, and HIPAA. The current score for each framework, with the evidence behind it, lives in the Trust Center.

Report a security problem

If you found a security problem, please tell us. Email security@pyrenth.app. The machine-readable disclosure details, including our reporting policy and contact of record, live in our security.txt file, published under RFC 9116. We read every report and we do not pursue researchers who report in good faith.