Skip to main content

Security without theater

Privacy rules your team can actually follow.

CF Platform is designed to reduce the sensitive information it holds, isolate every workspace, and make safe behavior the default. It is described as HIPAA-ready—not HIPAA-certified.

Secure mode visible

For health and wellness teams, privacy is a product behavior.

A policy document cannot stop someone from pasting patient details into a text. Secure mode changes the available channels, fields, sessions, and payment descriptions so safer behavior is built into the everyday workflow.

Public notificationProtected portalMessage content stays inside

What secure mode changes

Specific controls, not a badge.

01

Sensitive messages stay in the portal

Notification emails say a message is waiting without including its contents.

02

Texts stay focused on logistics

Secure-mode reminders use time, location, and a generic business name—no health details.

03

Health fields are not part of the CRM

Common health-related custom fields are blocked rather than relying on staff memory.

04

Campaigns have tighter boundaries

No text campaigns. Email campaigns require a recorded authorization confirmation.

05

Every workspace user uses 2FA

Secure-mode sessions are shorter and device access remains visible.

06

Payments use generic descriptions

Appointment deposits do not expose sensitive context on statements.

Platform-wide foundation

Every workspace is treated as its own boundary.

Tenant isolation
Workspace boundaries are enforced at the database layer, not only by screen-level filters.
Encryption
Deployed data is designed for encryption in transit and at rest, with secrets kept outside source code.
Audit history
Sensitive actions leave append-only records so invisible work can be reviewed.
Data ownership
Export is a launch promise. Your data is not used as leverage to keep you subscribed.

Clear language matters.

“HIPAA-ready” describes the architecture and secure-mode controls. It does not mean CF Design is claiming certification, guaranteeing a customer’s compliance, or offering a Business Associate Agreement before one is explicitly signed. Your policies, staff training, and connected tools remain part of your responsibility.

Discuss your requirements

A calm security review

Ask the hard questions before you move any data.

Bring the messy version. We will help you find the clearest first improvement.

Book a free demo