Trust
Security & compliance
How Pierflow protects health data, financial data, and the systems that touch them.
Pierflow is built to handle data to the standard that health data requires. Every layer assumes the worst and defaults to least privilege.
Encryption

| Layer | Control |
| --- | --- |
| At rest | AES-256 on all PII, PHI, and financial fields |
| In transit | TLS 1.3 enforced; HSTS; certificate pinning in mobile SDKs |
| Tokens | Bearer tokens never written to logs; redacted in support tooling |
Role-based access
Admin operations are governed by least-privilege RBAC. Roles include super_admin, ops_admin, partner_admin, and read_only.
PHI isolation
Health data is held in a separate schema with stricter access controls. Bulk endpoints never return PHI fields; you must explicitly request a specific record to see them.
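The two rules above (least-privilege roles, and bulk endpoints that never carry PHI) can be expressed as a small response-shaping layer. This is an added illustration, not Pierflow's code; the field names, sample records, and the assumption that only super_admin and ops_admin may read PHI on a single-record fetch are constructed for the example.

```python
"""Illustrates the PHI-isolation and RBAC rules described above.
Hypothetical example code, not Pierflow's implementation."""
from typing import Any

# Constructed field classification; Pierflow's real schema is not on this page.
PHI_FIELDS = frozenset({"diagnosis", "medications", "blood_type"})

# Roles named on the page. Which of them may read PHI on an explicit
# single-record request is an assumption made for this example.
PHI_READERS = frozenset({"super_admin", "ops_admin"})
ALL_ROLES = PHI_READERS | {"partner_admin", "read_only"}

# Constructed sample records (not real data).
SAMPLE_RECORDS: list[dict[str, Any]] = [
    {"id": "rec-1", "full_name": "A. Example", "diagnosis": "asthma", "plan": "gold"},
    {"id": "rec-2", "full_name": "B. Example", "blood_type": "O+", "plan": "basic"},
]


def _require_role(role: str) -> None:
    """Deny-by-default: any role not in the known set is rejected."""
    if role not in ALL_ROLES:
        raise PermissionError(f"unknown role: {role}")


def strip_phi(record: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of the record with every PHI field removed."""
    return {k: v for k, v in record.items() if k not in PHI_FIELDS}


def bulk_response(records: list[dict[str, Any]], role: str) -> list[dict[str, Any]]:
    """List endpoint: PHI is dropped for every caller, regardless of role."""
    _require_role(role)
    return [strip_phi(r) for r in records]


def record_response(records: list[dict[str, Any]], record_id: str, role: str) -> dict[str, Any]:
    """Single-record endpoint: an explicit request for one record.
    PHI is included only when the caller's role is allowed to read it."""
    _require_role(role)
    record = next((r for r in records if r["id"] == record_id), None)
    if record is None:
        raise KeyError(record_id)
    return dict(record) if role in PHI_READERS else strip_phi(record)
```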
NDPR compliance
Data residency in Nigeria (AWS af-south-1). Retention policy enforced at the storage layer. Data subject rights APIs handle erasure and portability requests within the regulatory window.
Pierflow processes data on behalf of its partners under a Data Processing Agreement. The partner is the data controller; Pierflow is the data processor.