Enterprise Compliant
Digitally Certified & Secure

Your Information is Always Safe

We incorporate industry-leading measures to secure all your data.

hipaa compliant scheduling api


Spurwing is compliant with US Health Insurance Portability and Accountability Act (HIPAA) regulations. That includes the Privacy, Security, & Breach Notification Rules and the Administrative & Physical Safeguards.

soc certified scheduling api

SOC 1+2 Certified

Spurwing's API is fully encrypts your sensitive business data, stores it in SOC 1+2 certified facilities, and everything is fully audit logged.

pci certified scheduling api


Spurwing's payment processor is certified as Payment Card Industry (PCI) Service Provider Level 1, the highest possible level.

gdpr compliant scheduling api


The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions.


We Maintain the Highest Levels of HIPAA Compliant Security and Privacy

Physical Security

Our servers are housed in facilities that are protected by biometric security, surveillance systems, and security guards - 24 hours a day, 7 days a week, 365 days a year.

Disaster Recovery

We have a disaster recovery plan in place, including redundant power supplies and data backup.

Data Security

We store data at SOC Type 1- and SOC Type 2-certified facilities.

Transmission Security

Our website data is encrypted with 256-bit Secure Socket Layer (SSL) technology, whether you’re on a desktop, laptop, tablet, or phone. We use cryptographic keys to authenticate data transfer.


We use standard transactional codes (CPT, ICD-10) that are based on up-to-date databases and monitored for updates. We monitor state & federal HIPAA rules to ensure compliance is current.

Financial Transactions

We process credit card transactions using secure encryption on a Level 1 PCI-compliant network. We tokenize and encrypt all payment information, and we do not store it ourselves.


We offer granular organization-level permissions, to control data access. Spurwing employees are trained on security protocols, and we have a company Privacy Officer.

Audit Controls

We keep access logs and audit trails every time patient information is viewed, edited, or deleted. This includes SSH logs, SQL query logs, platform backend activity logs, and Apache logs.


We are regularly audited by third party penetration testers to ensure compliance meets standards. We also run tests on our own software: we scan our ports, test for SQL injection, and block cross-site scripting.


Why HIPAA, SOC 1+2, and PCI-compliance Is Important for Your Business

Your business and client information is confidential, we ensure it stays that way.

Protect Client Data
Confidently store personal information, including sensitive contact & booking data, appointment locations, meeting URLs and more.
Safeguard Financial Data
Securely store financial data, like credit card numbers, and bank account profiles necessary for payments.
Connect Securely
Assure your clients that all appointments, data, logs, conctact details, geo data, and other communication is encrypted and private.
Regulation Compliance
Follow regulations and requirements set forth by insurance companies, coaching and accreditation institutions, and government bodies.
Getting started

Build with Spurwing Today!