Security


Data protection practices, encryption, infrastructure security, and AI safety measures across the Get ABA Suite platform.

admin
contact@getabasuite.com


Our Commitment

Get ABA Suite handles sensitive clinical and personal data. Security is not a feature we added — it is a foundational requirement that shapes how we design, build, and operate every product.

This page describes the security practices we implement across the Get ABA Suite platform, including Get RBT Training, Get ABA Assessments, and Get RBT Notes.

Data Encryption

In Transit

All data transmitted between your device and our servers is encrypted using HTTPS with TLS 1.2+. This applies to all web and mobile applications, API communications, and file uploads.

At Rest

All stored data — including databases, uploaded documents, and generated reports — is encrypted at rest using AES-256 encryption managed through AWS Key Management Service (KMS).

Infrastructure Security

Cloud Hosting

Get ABA Suite is hosted entirely on Amazon Web Services (AWS), leveraging:

  • AWS S3 — Secure object storage for uploaded documents and generated reports
  • AWS CloudFront — Content delivery with signed, time-limited URLs for document access
  • AWS RDS — Managed database services with automated backups and encryption
  • AWS VPC — Network isolation to restrict access to internal services

Network Security

  • All production systems operate within a Virtual Private Cloud (VPC) with restricted access
  • Database and application servers are not directly accessible from the public internet
  • Web application firewalls (WAF) and DDoS protection are in place

[Diagram: Infrastructure architecture overview]

Access Control and Authentication

  • User authentication — Secure login with hashed and salted password storage
  • Role-based access control — Users see only the data and features appropriate to their role (e.g., RBTs see their own notes; BCBAs see notes assigned for review)
  • Session management — Sessions expire after periods of inactivity; tokens are invalidated on logout
  • Administrative access — Platform administration requires multi-factor authentication and is restricted to authorized personnel

Document Security

Generated reports and uploaded files are never stored with public URLs. All document access uses:

  • Signed URLs — Each document request generates a unique, cryptographically signed URL
  • Time-limited access — URLs expire after a short period, preventing unauthorized sharing or access
  • Access logging — Every document access event is recorded for audit purposes

Audit Trails and Logging

  • All clinical data modifications are logged with timestamps and user identification
  • Soft-delete architecture — Records are never permanently deleted during normal operation; they are marked as deleted and preserved for compliance and audit review
  • Application logs capture authentication events, data access patterns, and system errors
  • Logs are stored securely and retained according to our data retention policy

AI Safety Practices

Get ABA Suite uses AI (OpenAI GPT-4) to generate clinical narratives and study content. Our AI safety practices include:

  • Data de-identification — PII and PHI are stripped from all data before it is sent to AI models. Only de-identified clinical observations and structured data are processed.
  • No model training — Clinical data processed through our platform is not used to train third-party AI models.
  • Output review — All AI-generated content is presented as a draft. A qualified professional must review, edit, and approve output before it enters the clinical record.
  • Prompt security — AI prompts are constructed server-side with strict input validation to prevent injection or manipulation.

Incident Response

In the event of a security incident:

  • Our team investigates and contains the issue immediately
  • Affected users are notified in accordance with applicable breach notification laws
  • We conduct a post-incident review and implement measures to prevent recurrence
  • Records of incidents and responses are maintained as part of our compliance documentation

Responsible Disclosure

If you discover a potential security vulnerability in any Get ABA Suite product, please report it responsibly to contact@getabasuite.com. We take all reports seriously and will respond promptly.

Questions

For questions about our security practices:

AC Partners LLC
Email: contact@getabasuite.com
Phone: +1 (561) 283-3549
