Security & Compliance

HIPAA-compliant from the foundation up

Most PM tools are not HIPAA-compliant, and they don't claim to be. 1Project is built to handle PHI natively: not as a feature, but as infrastructure that your compliance team can audit.

Business Associate Agreement

We sign a BAA before any PHI enters the system. Standard, not optional. Our BAA commits us as your Business Associate with full HIPAA technical safeguard obligations.

Customer-managed encryption

PHI documents are stored in a separate physical storage tier and encrypted under keys that your organization manages in its own KMS. We cannot decrypt your PHI documents without your keys: decryption depends on a grant against your key, so revoking that grant revokes our ability to read them.

Data sovereignty

On-premises deployment means your data never leaves your network. For cloud deployments, your data lives in your designated region and is not shared across tenants.

Infrastructure-level PHI, not feature-level

There's a meaningful difference between claiming "we have audit logs" and actually building HIPAA-compliant audit infrastructure. 1Project is the latter.

Immutable audit infrastructure

Audit tables are append-only at the database tier. Triggers reject updates and deletes on audit tables, and cryptographic integrity protection makes any tampering that bypasses the application, including by a database administrator, detectable rather than silent. Every PHI access (view, download, attachment) generates a permanent, uneditable audit record with identity, timestamp, purpose, and context.
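The following is an added example, not 1Project's own code, of how an append-only audit log can be made tamper-evident: each record commits to the hash of the record before it, so an edit or deletion made directly in the database breaks the chain and is found on verification. The field names, the genesis sentinel and the sample events are constructed for illustration; the database-tier trigger that rejects UPDATE and DELETE is the other half of the design and is not shown here.

```python
"""Added example (not 1Project's code): a hash-chained, append-only audit log
with a verifier that locates the first inconsistent record."""
import copy
import hashlib
import json
from typing import List, Optional

GENESIS_HASH = "0" * 64  # assumed sentinel meaning "no previous record"


def _canonical_hash(body: dict) -> str:
    """SHA-256 over canonical JSON so every verifier computes the same digest."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def append_record(rows: List[dict], actor: str, action: str, resource: str,
                  purpose: str, ts: str) -> dict:
    """Append one audit record chained to the previous row's hash."""
    prev_hash = rows[-1]["hash"] if rows else GENESIS_HASH
    body = {"seq": len(rows), "actor": actor, "action": action, "resource": resource,
            "purpose": purpose, "ts": ts, "prev_hash": prev_hash}
    row = dict(body, hash=_canonical_hash(body))
    rows.append(row)
    return row


def verify_chain(rows: List[dict], expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first bad row, or None if the chain is intact.

    If expected_head (the last hash as recorded outside the database) is given,
    a chain that verifies internally but ends on a different hash is reported
    at index len(rows): that is how tail truncation is caught."""
    prev_hash = GENESIS_HASH
    for i, row in enumerate(rows):
        body = {k: v for k, v in row.items() if k != "hash"}
        if (row.get("seq") != i or body.get("prev_hash") != prev_hash
                or _canonical_hash(body) != row.get("hash")):
            return i
        prev_hash = row["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(rows)
    return None


def sample_log() -> List[dict]:
    """Constructed sample PHI-access events (not real data)."""
    rows: List[dict] = []
    append_record(rows, "nurse.a@example.org", "view", "doc:phi-1001", "treatment",
                  "2024-05-01T09:12:00Z")
    append_record(rows, "dr.b@example.org", "download", "doc:phi-1001", "treatment",
                  "2024-05-01T09:15:30Z")
    append_record(rows, "billing.c@example.org", "view", "doc:phi-2002", "payment",
                  "2024-05-01T10:01:07Z")
    return rows


def tampered_edit(rows: List[dict]) -> List[dict]:
    """Simulate a DBA rewriting who accessed the document in row 1."""
    bad = copy.deepcopy(rows)
    bad[1]["actor"] = "someone.else@example.org"
    return bad


def tampered_delete(rows: List[dict]) -> List[dict]:
    """Simulate deleting the middle record."""
    bad = copy.deepcopy(rows)
    del bad[1]
    return bad


if __name__ == "__main__":
    rows = sample_log()
    head = rows[-1]["hash"]                       # would be shipped to the SIEM
    print("intact:", verify_chain(rows))
    print("edited row detected at:", verify_chain(tampered_edit(rows)))
    print("deleted row detected at:", verify_chain(tampered_delete(rows)))
    print("truncated, no anchor:", verify_chain(rows[:-1]))
    print("truncated, anchored head:", verify_chain(rows[:-1], expected_head=head))
```

The last two checks show the limit a practitioner should know: deleting the newest records leaves a chain that still verifies on its own, so the head hash has to be anchored outside the database, for example by streaming each record with its hash to the SIEM, before truncation can be detected.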

Two-tier storage architecture

Standard documents and PHI documents live in separate physical storage classes. PHI storage uses customer-managed encryption keys via KMS integration. Access controls are enforced at the storage layer, not just the application layer.

Sensitive data vault

Patient identifiers and other sensitive values are stored as tokens. They flow through the system without exposing the underlying values — only authorized contexts resolve tokens to their actual data.
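As an added example, not 1Project's own code, here is a minimal vault of the kind described above. The class, context names and sample identifier are assumptions. The point it makes is that a token must carry no information about the value it stands for: a random token can only be resolved by asking the vault from an authorized context, whereas a token derived by hashing the value can be reversed by enumeration when the value space is small, as a medical record number's is.

```python
"""Added example (not 1Project's code): random-token vault with context-gated
resolution, beside the hash-derived anti-pattern it replaces."""
import hashlib
import hmac
import secrets
from typing import Dict, FrozenSet, Optional


class AuthorizationError(PermissionError):
    pass


class SensitiveDataVault:
    def __init__(self, index_key: bytes, resolve_contexts: FrozenSet[str]):
        self._index_key = index_key                # vault-only secret for the dedupe index
        self._resolve_contexts = resolve_contexts  # contexts allowed to detokenize
        self._value_by_token: Dict[str, str] = {}
        self._token_by_index: Dict[str, str] = {}

    def _index(self, value: str) -> str:
        # Keyed hash lets the vault find an existing token for a value without
        # storing a plain hash that an attacker could enumerate offline.
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, kind: str, value: str) -> str:
        """Return the token for value, minting a random one on first sight."""
        idx = self._index(value)
        token = self._token_by_index.get(idx)
        if token is None:
            token = f"tok_{kind}_{secrets.token_urlsafe(18)}"
            self._value_by_token[token] = value
            self._token_by_index[idx] = token
        return token

    def resolve(self, token: str, context: str) -> str:
        """Detokenize only inside an authorized context; everything else keeps the token."""
        if context not in self._resolve_contexts:
            raise AuthorizationError(f"context {context!r} may not resolve tokens")
        if token not in self._value_by_token:
            raise KeyError("unknown token")
        return self._value_by_token[token]


def naive_hash_token(mrn: str) -> str:
    """The anti-pattern: a 'token' that is just a hash of the identifier."""
    return hashlib.sha256(mrn.encode()).hexdigest()


def recover_from_naive_token(token: str, digits: int = 5) -> Optional[str]:
    """Brute-force a hash-derived token over a small MRN space (10**digits guesses)."""
    for n in range(10 ** digits):
        candidate = str(n).zfill(digits)
        if naive_hash_token(candidate) == token:
            return candidate
    return None


if __name__ == "__main__":
    vault = SensitiveDataVault(b"constructed-index-key", frozenset({"clinical-view"}))
    mrn = "48213"                                   # constructed identifier
    task_card = {"title": "Schedule follow-up", "patient": vault.tokenize("mrn", mrn)}
    print("task board sees:", task_card)            # token only
    print("clinical view sees:", vault.resolve(task_card["patient"], "clinical-view"))
    try:
        vault.resolve(task_card["patient"], "task-board")
    except AuthorizationError as e:
        print("blocked:", e)
    print("hash-derived token recovered:", recover_from_naive_token(naive_hash_token(mrn)))
```

In a deployment the vault's two maps would live in the PHI storage tier under the customer-managed key, and each call to resolve would also write an audit record; both are left out here to keep the example focused on the token design.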

Patient registry integration

PHI documents are linked to patient records via a pluggable registry adapter: HL7, FHIR, direct EHR database connection, or custom integration. Minimum-necessary justification is documented at the point of access.

Legal hold and retention

Legal holds, retention policies, and disposition workflows are first-class concepts in the data model — not bolted-on toggles. The compliance officer role has elevated authority to initiate holds and run audit reports across all PHI in scope.

Your SIEM, not just ours

Audit events stream to your existing security infrastructure via configurable SIEM integration. Your security team sees 1Project activity in the same tools they use for everything else. Audit logs are not held hostage in Indelica's systems.

Granular access control

1Project's permission model has ~130 atomic permissions across 15+ domains. PHI access is a separate dimension that must be explicitly granted — having a project role does not automatically confer PHI access.

  • Per-project PHI access controls
  • Per-document access restrictions
  • Mandatory access prompts with purpose capture
  • Compliance officer role with elevated audit authority
  • Separation of duties enforced at assignment time
  • Time-bounded role assignments for substitutes
  • Every role grant and revocation audited
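The following is an added example, not 1Project's own code, of the access-control behaviour listed above: project roles and PHI access are checked as two separate dimensions, a purpose is mandatory at the point of access, grants can be time-bounded, and separation of duties is enforced when a role is assigned rather than when it is used. The role names, the handful of permissions and the separation-of-duties pair are assumptions standing in for the real catalogue.

```python
"""Added example (not 1Project's code): PHI access as a dimension separate
from project roles, with purpose capture, expiry and separation of duties."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# A few illustrative atomic permissions per role (assumed names).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "project.member": {"project.read", "task.read", "task.update", "document.read"},
    "project.lead": {"project.read", "task.read", "task.update", "task.assign",
                     "document.read", "document.upload"},
    "timesheet.submitter": {"timesheet.submit"},
    "timesheet.approver": {"timesheet.approve"},
}
# Roles one person may not hold together in the same project (assumed pair).
SEPARATION_OF_DUTIES = [("timesheet.submitter", "timesheet.approver")]

AUDIT: List[dict] = []  # stands in for the append-only audit table


def _audit(event: str, **fields) -> None:
    AUDIT.append({"event": event, **fields})


@dataclass
class RoleGrant:
    role: str
    project: str
    expires_at: Optional[datetime] = None  # set for time-bounded substitute grants


@dataclass
class PhiGrant:
    project: str
    expires_at: Optional[datetime] = None
    documents: Optional[Set[str]] = None   # None means every PHI document in the project


@dataclass
class User:
    name: str
    roles: List[RoleGrant] = field(default_factory=list)
    phi_grants: List[PhiGrant] = field(default_factory=list)


class AccessDenied(PermissionError):
    pass


def _active(expires_at: Optional[datetime], now: datetime) -> bool:
    return expires_at is None or now < expires_at


def assign_role(user: User, role: str, project: str, now: datetime,
                expires_at: Optional[datetime] = None) -> None:
    """Grant a project role; separation of duties is checked here, at assignment time."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role}")
    held = {g.role for g in user.roles if g.project == project and _active(g.expires_at, now)}
    for a, b in SEPARATION_OF_DUTIES:
        if {a, b} <= held | {role}:
            _audit("role.denied", user=user.name, role=role, project=project, reason=f"SoD {a}/{b}")
            raise AccessDenied(f"{user.name} may not hold both {a} and {b} in {project}")
    user.roles.append(RoleGrant(role, project, expires_at))
    _audit("role.granted", user=user.name, role=role, project=project, expires_at=expires_at)


def has_permission(user: User, permission: str, project: str, now: datetime) -> bool:
    return any(permission in ROLE_PERMISSIONS[g.role]
               for g in user.roles if g.project == project and _active(g.expires_at, now))


def grant_phi(user: User, project: str, now: datetime, expires_at: Optional[datetime] = None,
              documents: Optional[Set[str]] = None) -> None:
    """PHI access is granted explicitly; holding a role never implies it."""
    user.phi_grants.append(PhiGrant(project, expires_at, documents))
    _audit("phi.granted", user=user.name, project=project, expires_at=expires_at)


def open_phi_document(user: User, project: str, doc_id: str, purpose: str, now: datetime) -> dict:
    """Both dimensions must pass and a purpose is mandatory; returns the audit record."""
    if not purpose.strip():
        raise ValueError("purpose of access is required")
    if not has_permission(user, "document.read", project, now):
        raise AccessDenied(f"{user.name} lacks document.read in {project}")
    covered = any(g.project == project and _active(g.expires_at, now)
                  and (g.documents is None or doc_id in g.documents)
                  for g in user.phi_grants)
    if not covered:
        _audit("phi.denied", user=user.name, doc=doc_id, project=project, purpose=purpose)
        raise AccessDenied(f"{user.name} has no active PHI grant covering {doc_id}")
    record = {"event": "phi.view", "user": user.name, "doc": doc_id,
              "project": project, "purpose": purpose, "ts": now.isoformat()}
    AUDIT.append(record)
    return record


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)   # constructed clock
    dr_b = User("dr.b@example.org")
    assign_role(dr_b, "project.lead", "proj-42", now)
    try:
        open_phi_document(dr_b, "proj-42", "doc:phi-1001", "treatment", now)
    except AccessDenied as e:
        print("role alone is not enough:", e)
    grant_phi(dr_b, "proj-42", now, expires_at=now + timedelta(hours=8))  # one-shift grant
    print(open_phi_document(dr_b, "proj-42", "doc:phi-1001", "treatment", now))
    print(len(AUDIT), "audit records written")
```

Two design points are worth noting. The separation-of-duties check runs inside assign_role, so a conflicting combination can never come into existence and later checks need not re-derive it. And the PHI grant carries its own expiry and optional document set, so a substitute's access to one patient's documents for one shift expires on its own, without anyone having to remember to revoke it.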

Authentication and identity

1Project supports SAML 2.0 and OIDC federation to your existing identity provider — Entra ID, Okta, on-premises Active Directory, or others. For on-premises deployments, a local OpenIddict instance issues tokens without cloud dependency.

  • SAML 2.0 / OIDC federation
  • Entra ID, Okta, on-prem AD
  • Local authentication for on-prem deployments
  • Works during internet outages (on-prem)
  • MFA enforced via your IdP

Disaster resilience for healthcare

Cloud-only software has a failure mode that on-premises software does not: loss of internet connectivity. For hospitals in hurricane corridors, regions prone to ransomware quarantine, or facilities with unreliable connectivity, that failure mode is unacceptable.

On-premises 1Project installations continue operating for weeks without internet access. Authentication works against your local Active Directory. All project data is local. PHI access and audit logging continue. A configurable 60-day offline grace period ensures license enforcement never locks out a hospital during an active outage.

When connectivity returns, the system reconciles automatically. Changes made offline merge cleanly with changes from connected locations. No manual intervention required.

What Indelica can and cannot do with your data

Your project content belongs to your organization. Indelica processes it solely to provide the contracted service. These are contractual commitments, not policies.

We do not read your project content to identify sales leads

We do not mine your data for competitive intelligence

We do not use your data to train AI models without consent

We do not share or sell your data to third parties

Indelica employee access to your tenant is audited, time-bounded, and requires reason capture

You can request a report of Indelica's access to your tenant at any time

Full data export is available throughout your contract and during the 30-day termination grace period

Questions for your security team?

We're happy to provide technical documentation, answer vendor risk assessment questions, and review the architecture with your compliance officer. The design documents are available to your security team during procurement.

Get in touch