Security and compliance for healthcare-grade apps.

Healthcare data requires more than “good enough” security. Knack Health gives you a hardened platform for PHI, with HIPAA-compliant hosting, audited controls, and the certifications your teams and partners expect.

Built on a proven security foundation

Knack Health runs on the same core platform that powers thousands of production apps worldwide, with security controls applied at every layer of the stack.

You get the flexibility of no-code apps on top of infrastructure designed to protect sensitive data 24/7.

Encrypted connections
for all traffic between your browser, apps, and our servers

Encrypted storage
for all customer data and backups

Infrastructure hosted on AWS,
inheriting industry-standard security practices and certifications

Daily backups
with immutable copies and regional redundancy for resilience and recovery

For customers on our HIPAA package, we provide:

HIPAA hosting on hardened U.S. infrastructure
End-to-end encryption for PHI, in transit and at rest
Automatic inactivity timeouts to reduce exposure on unattended sessions
A Business Associate Agreement (BAA) for covered entities

What You Can Build

Knack Health is designed to support HIPAA requirements when you handle protected health information.

Why this matters:

You can build patient portals, intake workflows, and other PHI-handling apps while keeping data inside a controlled HIPAA-ready environment, backed by formal agreements and documentation.

Certifications, privacy, and data ownership

SOC 2 Type 2
Knack maintains SOC 2 Type 2 compliance and can provide current reports for due diligence.

GDPR compliant
The platform meets EU GDPR requirements for data processing and privacy.

PCI considerations
When payments are involved, card data is handled via PCI DSS–compliant providers rather than stored on Knack’s infrastructure.

Data handling

Application data ownership
All data stored in your Knack Health applications belongs to your organization. Knack does not sell, share, or use application data for any purpose outside of providing the service.

Platform access controls
Knack personnel do not access customer application data by default. Access is limited to narrowly defined, documented scenarios—such as customer-initiated support requests—and is fully logged and auditable.

Access control and authentication

Knack Health gives you multiple layers of protection around who can sign in and what they can see.

Authentication & account protections:

Two-factor authentication (2FA) for accounts, recommended for all admins and builders
Single sign-on (SSO) via SAML/Active Directory or LDAP on eligible plans
Optional IP allowlisting to restrict access to approved locations or networks

You stay in control of how staff, partners, and patients access your apps and data.

In-app access control:

Role-based permissions to define what different user groups can do in your apps
View-level and record-level access design, so users only see data that is relevant to them (for example, their own patients, caseloads, or location)
Configurable login requirements and protected pages to keep sensitive views behind authentication
Options to limit API responses to only fields surfaced in specific views, helping control what data is exposed programmatically

Application security

Security is built into how Knack is developed and operated, not bolted on after the fact.

For Knack Health customers, these controls sit underneath every form, workflow, and portal you build.

TLS 1.2+
for all data in transit, with strong ciphers and key lengths

AES-256
encryption for data at rest across primary databases and backups

Script-attack
protection and sanitization of unsafe input to reduce injection and XSS risk

Secure SDLC
practices with automated and manual code analysis before releases

Documented
incident response process, including investigation, remediation, and post-incident reviews

Availability, uptime, and resilience

Clinical and operational teams can’t afford outages. Knack’s platform is designed for high availability.

99.9%+ uptime,
with infrastructure designed for high availability across regions

Daily encrypted backups,
retained on a rolling schedule, with immutable backup technology to prevent tampering

24×7 monitoring of application health,
infrastructure, and network behavior

AWS regions in multiple geographies,
with HIPAA / GovCloud editions restricted to the U.S. as required

Your Knack Health apps are built on infrastructure designed to stay online and recover quickly if something goes wrong.

People, processes, and oversight

Technology alone doesn’t deliver security. Knack backs the platform with governed internal practices.

Background checks
for all new hires and ongoing training on current security policies and industry standards

Documented internal controls over access,
change management, and incident handling, assessed through SOC 2 audits

24×7 monitoring of application health,
infrastructure, and network behavior

Vendor review and reliance on AWS
and other providers with their own independent certifications

For healthcare customers, this means you’re not starting from scratch when completing security questionnaires, vendor risk assessments, or internal audits.

We support your team by:

Providing BAAs and documentation for HIPAA-covered use cases
Supplying SOC 2 reports under NDA for security reviews
Offering guidance on configuring apps and environments to align with your policies
Giving you tools like audit logs, IP restrictions, and 2FA that help enforce your own standards

How we support your security and compliance work

Knack Health is part of your broader security and compliance program, not a replacement for it.

Your organization remains responsible for configuring Knack Health appropriately and for meeting all applicable regulatory obligations.

Talk to us
about your security and compliance requirements

Share your internal application requirements. Our team can walk through how Knack Health supports HIPAA, SOC 2, GDPR, and your specific governance standards.

Frequently Asked Questions (FAQs):

What kinds of security does Knack Health provide for healthcare apps?

Knack Health protects sensitive healthcare data with encrypted connections and storage, hardened infrastructure, and daily backups to keep systems safe 24/7. It also includes:

Encrypted data storage and transfer
Role-based access controls
Audit logs for record changes
Secure hosting environments
Optional single sign-on (SSO)
Compliance support for HIPAA, SOC 2 Type II, and GDPR requirements

Security features vary by plan and configuration.

Is Knack Health suitable for apps that handle protected health information (PHI)?

Yes. With its HIPAA package, Knack Health supports building apps like patient portals and intake workflows that comply with HIPAA requirements.

What compliance certifications does Knack maintain?

Knack Health holds SOC 2 Type 2 compliance, meets GDPR privacy standards, and uses PCI-compliant providers for payment data — helping organizations meet regulatory requirements.

Does Knack Health offer access controls for users?

Yes. The platform includes two-factor authentication (2FA), optional single sign-on (SSO), IP allowlisting, and role-based access restrictions to control who sees what.

How does Knack handle application security?

Knack Health uses modern safeguards like TLS 1.2+ for data in transit, AES-256 encryption at rest, script-attack protections, and a secure SDLC with incident response processes.

What measures ensure data availability and resilience?

The platform offers 99.9%+ uptime, daily encrypted backups with immutable copies, and 24×7 monitoring so healthcare apps stay online and recover quickly from issues.

Does Knack access or use customer data for any purpose outside service delivery?

No. Data in Knack Health applications is owned by the organization, isn’t sold or shared, and Knack personnel only access it in specific, logged scenarios like support requests.