Security & trust

Built to pass procurement.

Stable runs facilities for multi-location operators — including security-sensitive ones. Tenant isolation, encryption, access control, and proof are foundational, not bolted on.

Talk to our team

Tenant isolation

Every record is scoped to its organization with database row-level security — one client can never read another's data, enforced at the data layer, not just the app.

Encryption

TLS 1.2+ in transit and AES-256 at rest across the platform and all file storage.

Role-based access

Least-privilege roles from site to district to executive. People see exactly what their scope allows — nothing more.

Immutable audit trail

Every state change is logged with actor and timestamp, exportable for your auditors and examiners.

Photo + code verification

Work is proven on-site with timestamped photos and a completion-code handshake — a tamper-evident record of what actually happened.

Hardened infrastructure

Built on managed Postgres and an edge runtime with automated backups, isolated environments, and continuous monitoring.

Compliance program

Where we are, transparently.

We tell you exactly what's in place today and what's on the roadmap — no security theater.

SOC 2 Type IIObservation window in progress

WCAG 2.1 AAAccessibility built into the UI

Penetration testingAnnual third-party testing planned

Vendor vetting & COI trackingInsurance and licensing on file

Data Processing AgreementAvailable on request

MBE/WBE certificationPlanned

Report a security concern: security@stablesvc.com