HIPAA — opt-in mode

Who needs this

Healthcare-adjacent customers (medical-uniform laundering, scrubs distribution to hospitals) often handle protected health information indirectly. Launderly offers an opt-in HIPAA mode that activates the additional controls required by the HIPAA Security Rule.

What flips when you enable it

  • Field-level PII encryption. AES-256-GCM with per-tenant key derivation; PII columns return ciphertext in any DB dump.
  • 6-year audit log retention. AuditLog rows are not pruned for at least 6 years from creation.
  • PII redaction in logs. Email, phone, address, and free-form-note fields are redacted in application logs when the request is HIPAA-mode.
  • BAA execution. Activating HIPAA mode stamps baaSignedAt; the BAA template is downloadable from your account manager.

What this does NOT replace

Postgres at-rest encryption (TDE / RDS encryption) is a database-level configuration, not application code. Production tenants enabling HIPAA mode should also confirm that their underlying database is configured with at-rest encryption; instructions are in the BAA appendix.

Activation

Users with the OWNER role can toggle HIPAA mode under Settings → Compliance. Activation is logged in the audit trail.