Trust

Security Overview

Binder is built for the people who get asked the hard questions during a security review. This page summarizes how the product is designed. A more detailed security package is available to prospective customers on request.

Designed to operate without PHI

Operational quality logs don't require Protected Health Information (PHI) to do their job, so Binder is designed to operate without it. Binder should not be used to document patient-specific clinical information.

Tenant isolation

Binder is multi-tenant. Tenant-scoped data is separated using row-level security enforced by the database engine rather than only by application code, so a query that omits a tenant filter is still constrained to its own tenant. That makes tenant isolation easier to explain during a security review.

Access control

Access is role-based and scoped per site, following a least-privilege approach. Single sign-on (SSO) can be scoped during onboarding, including SAML and OpenID Connect (OIDC) identity providers such as Okta, Microsoft Entra ID, and Google Workspace.

Audit trail and evidence

Activity is recorded in an append-only audit trail with daily hash chaining and a configurable retention period (seven years by default). Survey and accreditation evidence can be exported as a spreadsheet or PDF for any date range.
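
As an added illustration (not Binder's code), the sketch below shows one way daily hash chaining can make an audit trail tamper-evident: each day's digest covers that day's entries plus the previous day's digest, so editing a past entry breaks verification from that day on. The record layout, the use of SHA-256, the genesis value and all function names are assumptions, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value before the first sealed day


def day_digest(prev_digest, day, entries):
    """SHA-256 over the previous day's digest, the date, and that day's entries."""
    h = hashlib.sha256()
    h.update(prev_digest.encode() + b"\n" + day.encode() + b"\n")
    for entry in entries:
        # Canonical JSON so the same entry always serializes to the same bytes.
        h.update(json.dumps(entry, sort_keys=True, separators=(",", ":")).encode() + b"\n")
    return h.hexdigest()


def seal(days):
    """Return {day: digest}, each digest chained to the day before it."""
    sealed, prev = {}, GENESIS
    for day in sorted(days):
        prev = sealed[day] = day_digest(prev, day, days[day])
    return sealed


def first_broken_day(days, sealed):
    """Return the earliest day whose recomputed digest differs, or None if intact."""
    prev = GENESIS
    for day in sorted(sealed):
        if day_digest(prev, day, days.get(day, [])) != sealed[day]:
            return day
        prev = sealed[day]
    return None


# Constructed sample trail, not real data.
TRAIL = {
    "2026-05-17": [{"actor": "u1", "action": "log.create", "site": "A"}],
    "2026-05-18": [{"actor": "u2", "action": "log.sign", "site": "A"}],
    "2026-05-19": [{"actor": "u1", "action": "export.pdf", "site": "B"}],
}


def demo():
    """Seal the trail, then edit one past entry and re-verify."""
    sealed = seal(TRAIL)
    tampered = {d: [dict(e) for e in es] for d, es in TRAIL.items()}
    tampered["2026-05-18"][0]["actor"] = "u9"
    return first_broken_day(TRAIL, sealed), first_broken_day(tampered, sealed)


if __name__ == "__main__":
    print(demo())
```

A chain like this only proves integrity up to the latest digest, so that value has to be kept somewhere the party writing the trail cannot alter.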

Infrastructure

Compliance posture

Binder is being built against a published set of internal security policies aligned to SOC 2 control areas. A formal SOC 2 attestation report is not yet available; we are happy to discuss our current status and roadmap under a mutual non-disclosure agreement.

Need the full security package?

For procurement and security-review teams, we can provide a more detailed overview and answer a security questionnaire. Email hello@binderlogs.com and you'll work directly with the founder, not a queue.

Last updated: May 19, 2026