Security and compliance for healthcare-grade apps.

Healthcare data requires more than “good enough” security. Knack Health gives you a hardened platform for PHI, with HIPAA-compliant hosting, audited controls, and the certifications your teams and partners expect.


Built on a proven security foundation

Knack Health runs on the same core platform that powers thousands of production apps worldwide, with security controls applied at every layer of the stack.

You get the flexibility of no-code apps on top of infrastructure designed to protect sensitive data 24/7.

  • Encrypted connections for all traffic between your browser, apps, and our servers
  • Encrypted storage for all customer data and backups
  • Infrastructure hosted on AWS, inheriting industry-standard security practices and certifications
  • Daily backups with immutable copies and regional redundancy for resilience and recovery

For customers on our HIPAA package, we provide:

  • HIPAA hosting on hardened U.S. infrastructure
  • End-to-end encryption for PHI, in transit and at rest
  • Automatic inactivity timeouts to reduce exposure on unattended sessions
  • A Business Associate Agreement (BAA) for covered entities

What You Can Build

Knack Health is designed to support HIPAA requirements when you handle protected health information.

How this helps you.

You can build patient portals, intake workflows, and other PHI-handling apps while keeping data inside a controlled HIPAA-ready environment, backed by formal agreements and documentation.

Certifications, privacy, and data ownership

SOC 2 Type 2
Knack maintains SOC 2 Type 2 compliance and can provide current reports for due diligence.

GDPR compliant
The platform meets EU GDPR requirements for data processing and privacy.

PCI considerations
When payments are involved, card data is handled via PCI DSS–compliant providers rather than stored on Knack’s infrastructure.

Data handling

Application data ownership
All data stored in your Knack Health applications belongs to your organization. Knack does not sell, share, or use application data for any purpose outside of providing the service.

Platform access controls 
Knack personnel do not access customer application data by default. Access is limited to narrowly defined, documented scenarios—such as customer-initiated support requests—and is fully logged and auditable.

Access control and authentication

Knack Health gives you multiple layers of protection around who can sign in and what they can see.

Authentication & account protections:

  • Two-factor authentication (2FA) for accounts, recommended for all admins and builders
  • Single sign-on (SSO) via SAML/Active Directory or LDAP on eligible plans
  • Optional IP allowlisting to restrict access to approved locations or networks

You stay in control of how staff, partners, and patients access your apps and data.

In-app access control:

  • Role-based permissions to define what different user groups can do in your apps
  • View-level and record-level access design, so users only see data that is relevant to them (for example, their own patients, caseloads, or location)
  • Configurable login requirements and protected pages to keep sensitive views behind authentication
  • Options to limit API responses to only fields surfaced in specific views, helping control what data is exposed programmatically

Application security

Security is built into how Knack is developed and operated, not bolted on after the fact.

For Knack Health customers, these controls sit underneath every form, workflow, and portal you build.

  • TLS 1.2+ for all data in transit, with strong ciphers and key lengths
  • AES-256 encryption for data at rest across primary databases and backups
  • Script-attack protection and sanitization of unsafe input to reduce injection and XSS risk
  • Secure SDLC practices with automated and manual code analysis before releases
  • Documented incident response process, including investigation, remediation, and post-incident reviews

Availability, uptime, and resilience

Clinical and operational teams can’t afford outages. Knack’s platform is designed for high availability.

  • 99.9%+ uptime, with infrastructure designed for high availability across regions
  • Daily encrypted backups, retained on a rolling schedule, with immutable backup technology to prevent tampering
  • 24×7 monitoring of application health, infrastructure, and network behavior
  • AWS regions in multiple geographies, with HIPAA / GovCloud editions restricted to the U.S. as required

Your Knack Health apps are built on infrastructure designed to stay online and recover quickly if something goes wrong.

People, processes, and oversight

Technology alone doesn’t deliver security. Knack backs the platform with governed internal practices.

  • Background checks for all new hires and ongoing training on current security policies and industry standards
  • Documented internal controls over access, change management, and incident handling, assessed through SOC 2 audits
  • 24×7 monitoring of application health, infrastructure, and network behavior
  • Vendor review and reliance on AWS and other providers with their own independent certifications

For healthcare customers, this means you’re not starting from scratch when completing security questionnaires, vendor risk assessments, or internal audits.

We support your team by:

  • Providing BAAs and documentation for HIPAA-covered use cases
  • Supplying SOC 2 reports under NDA for security reviews
  • Offering guidance on configuring apps and environments to align with your policies
  • Giving you tools like audit logs, IP restrictions, and 2FA that help enforce your own standards

How we support your security and compliance work

Knack Health is part of your broader security and compliance program, not a replacement for it.

Your organization remains responsible for configuring Knack Health appropriately and for meeting all applicable regulatory obligations.

Talk to us about your security and compliance requirements

Share your internal application requirements. Our team can walk through how Knack Health supports HIPAA, SOC 2, GDPR, and your specific governance standards.