Built for Healthcare. Secured for Trust.
Smile PreVue is designed with HIPAA compliance, encryption, and audit logging from the ground up. Not bolted on after the fact.
HIPAA-Aligned Workflows
Built on Google Cloud Platform with a Business Associate Agreement covering Cloud Run, Cloud SQL, Cloud Storage, Firebase Authentication, and Vertex AI for image generation.
AES-256 Encrypted Storage
Patient photos and data are encrypted at rest using AES-256 on Google Cloud Storage. All image access goes through time-limited signed URLs.
Role-Based Access Control
Four distinct roles (provider, nurse, office admin, owner) ensure team members access only what they need.
Full Audit Logging
Every user action is logged with timestamps, IP addresses, and user agents for complete audit trails.
Consent Management
Track patient consent for each consent type, with full records. Consent status is enforced before simulation generation.
Expiring Share Links
Patient preview links automatically expire. No patient data persists publicly beyond the configured window.
Architecture Built for Isolation
Row-Level Clinic Isolation
Each clinic's data is strictly isolated through row-level filtering. There is no multi-tenant data mixing. One clinic's patients, simulations, and records are never accessible to another.
Firebase Authentication with MFA
User authentication is handled through Firebase with support for multi-factor authentication. All API requests are validated against Firebase tokens on the backend.
AI Processing Under BAA
AI smile simulations are generated through Google Vertex AI (Gemini 3.1 Flash Image), which is covered by our Google Cloud Business Associate Agreement. Patient data is not used to train Google's models and is not reviewed by humans outside narrow abuse-flagged cases. Billing is handled through Stripe with no patient data exposure.