Transparency

Security & Compliance

Trust, infrastructure, and payments

CarePostNow is built for real hiring workflows. This page explains what we can truthfully claim today based on our infrastructure and vendors, and what we do not claim.

What we implement

Encryption in transit: HTTPS/TLS for web traffic (commonly described as SSL).
Payments: card payments are processed by Stripe; Stripe is PCI DSS Level 1 certified as a payment processor.
Hosting & database: Supabase provides managed Postgres and authentication primitives; many Supabase components operate on infrastructure providers that maintain SOC 2 and related attestations (your data processing posture still depends on configuration and access controls).

What we do not claim

Unless your organization has completed its own independent audits, you should not market CarePostNow itself as "HIPAA certified", "ISO certified", or "SOC 2 certified" as a product. If you need HIPAA BAAs, enterprise security reviews, or formal compliance packaging, plan that as a separate commercial/legal workstream.

Operational security is a process

Strong defaults help, but production security also requires access control, monitoring, incident response, and regular reviews. If you are onboarding facilities at scale, prioritize least-privilege access, audit logs, and clear support channels.

Questions? support@carepostnow.xyz

Read Privacy Policy →