Security & Infrastructure
Hivemanager.io is built on Google Cloud Platform — the same infrastructure that powers Google's own services. Your clinic's data is protected by Google's global security teams, compliance frameworks, and enterprise-grade encryption at every layer.
Built on Google Cloud Platform
We chose Google Cloud Platform (GCP) because it is one of the most secure, compliant, and reliable cloud environments available — used by hospitals, financial institutions, and government agencies worldwide.
Google Security Teams
Google employs more than 900 full-time security professionals dedicated to protecting infrastructure. Your data benefits from the same security posture that protects Gmail, Google Workspace, and Google Cloud customers at enterprise scale.
Global Network & Redundancy
GCP operates across 40+ regions and 120+ zones worldwide. Hivemanager.io services run on redundant infrastructure designed for high availability — so your clinic booking system stays online even when individual data centre components fail.
Encryption at Rest and in Transit
All data stored in Hivemanager.io is encrypted at rest using AES-256, the same standard used by financial institutions. All data in transit is encrypted using TLS 1.2 or higher. Encryption keys are managed by Google Cloud Key Management Service.
Physical Security
Google Cloud data centres have multiple layers of physical security including 24/7 guards, biometric access controls, and video surveillance. Access to production infrastructure is logged, audited, and strictly need-based — Google employees cannot access your data without an auditable reason.
Audit Logging
All access to Hivemanager.io infrastructure is logged through Google Cloud's audit logging system. These immutable logs record who accessed what, when, and from where — providing a complete trail for security reviews and compliance audits.
Managed Services
We use Google Cloud's managed database and compute services, which include automatic patching, version management, and vulnerability remediation. Google's teams handle infrastructure-level security so we can focus on building a better product for your clinic.
Google Cloud holds certifications across:
These certifications are maintained by Google Cloud, independently audited, and publicly documented at cloud.google.com/security/compliance.
HIPAA-Supportive Infrastructure
Massage therapy practices in the United States that handle protected health information (PHI) must comply with HIPAA. Hivemanager.io is built on Google Cloud's HIPAA-covered services and follows practices designed to support your clinic's HIPAA obligations.
Business Associate Agreement (BAA)
Google Cloud enters into a Business Associate Agreement with Hivemanager.io, making GCP a covered Business Associate under HIPAA. This means the infrastructure layer — databases, storage, compute — operates under HIPAA's requirements for PHI handling.
US-based clinics on Hivemanager.io that need a BAA for their records can contact our support team to discuss their specific compliance setup.
PHI Handling Practices
Hivemanager.io treats client health records — intake forms, SOAP notes, health history, and session data — as sensitive health information at all times. Access within the platform is role-based: therapists access only the records relevant to their sessions. Clinic owners have full access to their clinic's records.
Data Minimization
We collect and store only what is needed to operate the platform. We do not use client health data for advertising, profiling, or any purpose other than delivering the service to your clinic. Health information is never shared with third parties except as required to operate the platform.
Breach Notification
In the unlikely event of a data security incident affecting your clinic's records, we will notify affected clinics promptly in accordance with applicable breach notification requirements. Google Cloud's incident response team provides the underlying infrastructure-level monitoring and detection.
A note on compliance: HIPAA compliance is a shared responsibility. Hivemanager.io provides the infrastructure and practices to support your compliance obligations, but individual clinics are responsible for their own HIPAA policies, staff training, and procedures. If you have specific compliance requirements, we recommend consulting with a qualified HIPAA advisor.
How Your Data is Protected
| What | How it's protected |
|---|---|
| Client records & SOAP notes | Encrypted at rest (AES-256) on Google Cloud. Access restricted to authenticated clinic staff only. |
| Intake forms & health history | Stored as encrypted records. Never shared with third parties or used for any purpose other than serving your clinic. |
| Payment information | Processed by Stripe (PCI DSS Level 1 certified). Hivemanager.io never stores full card numbers. |
| Login credentials | Passwords are hashed using bcrypt. We support two-factor authentication and session expiry controls. |
| Data in transit | All connections to Hivemanager.io use TLS 1.2 or higher. HTTP traffic is automatically redirected to HTTPS. |
| Backups | Automated daily backups stored encrypted on Google Cloud Storage. Retention policy: 30 days. |
| Data deletion | Upon account termination, clinic data is deleted from active systems within 30 days and from backup rotation within 60 days. |
Questions about security or compliance?
Our team is happy to answer questions about data handling, HIPAA, or our infrastructure.