Security and compliance built into the foundation.
EnaBed is designed for organizations where data isolation, identity governance, and audit integrity are non-negotiable — hospitals, nursing home chains, and multi-site care operators.
Capabilities
Every security feature you need. None added later.
PostgreSQL Row-Level Security
Complete data isolation enforced at the database engine level. No cross-tenant data leakage even under application misconfiguration.
OIDC / SAML Identity
Enterprise identity via EnaCore Identity with PKCE flows. Bed Admin and Bed Staff roles, plus Platform Auditor and Platform Owner for compliance surfaces.
HMAC-SHA256 Audit Chain
Append-only audit log with cryptographic integrity chaining per organization. Hash and chain verified on demand in the admin panel.
Encrypted Secrets at Rest
SMS provider credentials, webhook secrets, and session tokens encrypted using AES-GCM before storage in Redis.
Role-Based Access Control
Bed Admin and Bed Staff roles scope facility and bed operations. Platform Auditor provides read-only audit access; Platform Owner manages organization settings and subscription.
Audit Retention Tiers
3 years on Starter, 5 years on Professional, 7 years on Enterprise. CSV export up to 5,000 rows with hash integrity verification.
Built for regulated, multi-tenant environments.
Security and compliance are not bolt-ons. They are structural properties of the platform.
PostgreSQL Row-Level Security
Complete data isolation enforced at the database layer via RLS. No organization can access another organization's data — even under misconfiguration. Optional full data isolation available.
OIDC Identity Management
Enterprise-grade identity with OIDC/SAML via EnaSpace. Bed Admin and Bed Staff module roles, plus Platform Owner and Platform Auditor for governance. Granular permissions for buildings, units, rooms, beds, and analytics.
HMAC-SHA256 Audit Chain
Every admin action is recorded in an append-only, per-organization audit log with HMAC-SHA256 integrity chaining. Hash and chain validity verified on demand.
Global Data Security
Patient identifiers are optional. Explicit consent recorded where required. Configurable data retention periods. PII handled in compliance with GDPR and KVKK.
Enterprise Architecture FAQ
Enterprise-grade infrastructure. No trade-offs.
PostgreSQL RLS
Data isolation enforced at the database engine level, or optional full isolation.
HMAC Audit Chain
Tamper-evident, per-organization, append-only audit records.
OIDC
Industry-standard enterprise identity and SSO.
International standards compliant
Consent-first data collection with configurable retention.
Huawei OBS
Per-organization object storage with encryption at rest.
EnaSpace Platform
Self-service provisioning, billing, and operations via EnaSpace Portal.
See EnaBed in your facility.
Contact us — we'll walk through facility modeling, bed workflows, live updates, and your enterprise configuration together.