ctHelixOne

Security & sovereignty

Your data, your file, your call.

Operations data is sensitive, regulated, and increasingly hard to extract from vendor clouds. ctHelixOne™ takes the opposite stance: the bytes are yours, the file is yours, and the decision to migrate, archive, or destroy is yours alone.

Three sovereignty pillars

What we mean when we say ‘sovereign’.

Your data, your file

A portable database file means your full operational history is yours. Back it up. Snapshot it. Encrypt it. Move it.

Self-host or we host

Run it on your hardware, your VM, or your air-gapped network. Or let us run a hosted instance for you.

No lock-in

Standard SQL. Standard formats. You can walk away at any time and take everything with you.

Security primitives across the suite

Same primitives, every module.

Buying a second module doesn’t mean learning a second security model. The pieces below are shared across the ctHelixOne™ suite.

  • Argon2 credential hashing for operator passwords and field PINs.
  • Role-based permissions with audit trail on every mutation.
  • Independent auth surfaces for console and mobile — a compromised PIN never grants console access.
  • Short-lived, sliding tokens for mobile sessions.
  • Self-hostable on air-gapped networks — no outbound calls required.

What we don’t do

As important as what we do.

No phone-home with operational data.

No telemetry on your incidents, your units, your roster, or your patients. Crash and diagnostic reporting is opt-in and scrubbed.

No internet requirement for normal operation between check-ins.

The system runs entirely on your network between periodic license check-ins. Update cadence is on your schedule, not ours. Air-gap-friendly.

No kill switch that erases your data. The SQLite file is yours; you can read it without us.

Even in the Disabled license state, your data is untouched. The SQLite file sits exactly where it has always sat — and the format is open, standard SQL.

For your security team

We’ll meet them where they are.

Want our architecture diagram, threat model summary, or auth-surface deep-dive for a review packet? Start with the tech page and reach out for anything that isn’t covered.

Request the security pack Architecture overview

Need our architecture diagram for a review?

Tell us your framework. We’ll send the right packet, not a generic one.

Request the security pack Read the architecture