COMPLIANCE

HIPAA Compliance

For med spas, medical aesthetics practices, and wellness clinics that handle protected health information, Tresse is built on HIPAA-eligible infrastructure and can support compliant workflows.

Encrypted client records at rest and in transit
Audit logs for record access and modification
Business Associate Agreement (BAA) available on request
Role-based permissions with minimum-necessary access
Automatic session timeouts and re-authentication
Infrastructure hosted on SOC 2 certified providers (Vercel, Neon, Clerk)

To request a BAA or discuss compliance requirements, contact compliance@tresse.io