StrokeBill logoStrokeBill

Security at StrokeBill

Medical paperwork is some of the most sensitive data a family will ever hold. Here is how we keep it safe.

Updated April 30, 2026

Encryption

All data is encrypted in transit with TLS 1.2 or higher and at rest with AES-256. Document keys are stored in a separate key management service with rotation policies.

Access controls

  • Multi-factor authentication for every staff account.
  • Role-based access for staff with least-privilege defaults.
  • Full audit logs of any access to customer data.

Compliance posture

StrokeBill is built to meet HIPAA-style technical safeguards. We sign Business Associate Agreements with subprocessors handling Protected Health Information and are working toward SOC 2 Type II.

Incident response

We follow a published incident response plan. If a security incident affects your account, we will notify you within 72 hours.

Report a vulnerability

Email security@strokebill.com with the details. We respond to all reports within two business days and run a recognition program for valid findings.