Security
Built for the data prevention organizations actually hold.
Participant rosters, demographic data, pre/post assessments, certificates. preventionOS is designed against the data your funders and your state expect you to protect.
Multi-tenant isolation
Every organization runs on its own logical tenant. No cross-organization data access without an explicit, audited integration.
Encryption
All data encrypted in transit (TLS 1.2+) and at rest. Backups encrypted. Keys managed through cloud provider KMS.
Role-based access
Director, coordinator, facilitator, and stakeholder roles each see only what they need. Audit logs for every administrative action.
Hosting
Hosted on AWS US regions. SOC 2 trajectory in development as preventionOS scales.
Aggregate community data
The community layer (in development) shares aggregate, de-identified impact data only. Individual participant data never leaves your tenant.
Subprocessors
Subprocessor list available on request as part of any procurement or security review.
Reporting a security concern
Email security@preventionos.org. We respond within one business day.