
Security & trust

Built like clinical infrastructure, because it is.

Photographs of skin are protected health information. Constellation treats them that way from the first line of code — not as a compliance checkbox after the fact.

  • HIPAA posture from day one

    Constellation runs on HIPAA-eligible infrastructure under a business associate agreement, with PHI encrypted in transit and at rest. Privacy isn't a tier we upgrade to — it's the default architecture.

  • Every access is audited

    Every capture, every view of a photo, every comparison and every configuration change writes to an append-only audit log that records who, when, and from where. Failed access attempts are logged too. Nothing in the application can edit or delete an entry once it is written.

  • Consent is per photo, owned by the patient

    Consent isn't a blanket checkbox at intake. It's recorded per photo, visible to the patient in their portal, and revocable. A photo without consent standing behind it doesn't get used. Ever.

  • Access is scoped by role

    Row-level security enforces who can see what at the database itself — not just in the interface. An MA, a doctor, a practice owner, and a patient each see exactly their slice, and nothing else.

  • Photo links that expire

    Patient photos are never public URLs. Every image is served through short-lived signed links that expire in minutes and are never written to logs.

  • AI never writes the chart

    The deterministic core — measurements, alignment, history — is exactly that: deterministic and tested. AI-assisted surfacing suggests and ranks; it cannot diagnose, cannot commit to the record, and cannot bypass the dermatologist's sign-off.
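What the audit-log, consent and role-scoping bullets above describe, expressed in PostgreSQL terms. This is an added illustration, not Constellation's schema: the table names, the `app_rw` and `auditor` roles, the `app.user_id` session setting and the `app_user_id()` helper are all assumptions made for the example. It assumes PostgreSQL 11 or later and an application that connects as a non-superuser role and sets the acting user inside each request's transaction.

```sql
-- Added illustration (not Constellation's schema). Assumes PostgreSQL 11+
-- and an application that connects as the non-superuser role app_rw and
-- runs SET LOCAL app.user_id inside each request's transaction.
CREATE ROLE app_rw NOLOGIN;    -- the application
CREATE ROLE auditor NOLOGIN;   -- compliance staff: may read the log, nothing else

CREATE TABLE staff (
  user_id     bigint PRIMARY KEY,
  practice_id bigint NOT NULL,
  role        text   NOT NULL CHECK (role IN ('ma', 'doctor', 'owner'))
);
CREATE TABLE patients (
  id          bigint PRIMARY KEY,
  practice_id bigint NOT NULL,
  user_id     bigint UNIQUE          -- portal login, if the patient has one
);
CREATE TABLE photos (
  id          bigint PRIMARY KEY,
  patient_id  bigint NOT NULL REFERENCES patients (id),
  practice_id bigint NOT NULL,
  captured_by bigint NOT NULL REFERENCES staff (user_id),
  storage_key text   NOT NULL        -- object key, never a public URL
);
-- Consent is one row per photo; revoking sets revoked_at instead of deleting.
CREATE TABLE consents (
  photo_id   bigint PRIMARY KEY REFERENCES photos (id),
  patient_id bigint NOT NULL REFERENCES patients (id),
  granted_at timestamptz NOT NULL DEFAULT now(),
  revoked_at timestamptz
);

-- Who is this session acting as? NULL if the application forgot to set it,
-- which makes every policy below evaluate to false (zero rows, not all rows).
CREATE FUNCTION app_user_id() RETURNS bigint LANGUAGE sql STABLE AS
  $$ SELECT current_setting('app.user_id', true)::bigint $$;

GRANT SELECT ON staff, patients, consents TO app_rw;
GRANT SELECT, INSERT ON photos TO app_rw;

ALTER TABLE photos ENABLE ROW LEVEL SECURITY;
ALTER TABLE photos FORCE ROW LEVEL SECURITY;   -- no bypass for the table owner either

-- Staff: photos of their own practice, and only while consent stands.
CREATE POLICY staff_read ON photos FOR SELECT TO app_rw
  USING (
    practice_id = (SELECT s.practice_id FROM staff s WHERE s.user_id = app_user_id())
    AND EXISTS (SELECT 1 FROM consents c
                WHERE c.photo_id = photos.id AND c.revoked_at IS NULL)
  );
-- Patients: every photo in their own record, consented or not, so the portal
-- can show what exists and let them revoke.
CREATE POLICY patient_read ON photos FOR SELECT TO app_rw
  USING (patient_id = (SELECT p.id FROM patients p WHERE p.user_id = app_user_id()));
-- Capture: MAs and doctors may add photos, only for their own practice and
-- only attributed to themselves. Owners and patients cannot insert.
CREATE POLICY staff_capture ON photos FOR INSERT TO app_rw
  WITH CHECK (
    captured_by = app_user_id()
    AND practice_id = (SELECT s.practice_id FROM staff s
                       WHERE s.user_id = app_user_id() AND s.role IN ('ma', 'doctor'))
  );
-- No UPDATE or DELETE policy exists, so those statements match zero rows.

-- Audit log: the application may only append; nobody may rewrite.
CREATE TABLE audit_log (
  id        bigserial   PRIMARY KEY,
  at        timestamptz NOT NULL DEFAULT now(),
  actor_id  bigint,                  -- NULL for unauthenticated attempts
  action    text        NOT NULL,    -- 'capture', 'view', 'compare', 'config', 'denied'
  object_id bigint,
  source_ip inet,
  detail    jsonb
);
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT INSERT ON audit_log TO app_rw;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_rw;
GRANT SELECT ON audit_log TO auditor;

-- Defense in depth: even a role that somehow holds UPDATE/DELETE is refused.
CREATE FUNCTION audit_log_immutable() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_log is append-only (% refused)', TG_OP;
END $$;
CREATE TRIGGER audit_log_no_rewrite
  BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
  FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- One request, as the application would run it: set the actor, read, record.
BEGIN;
SET LOCAL app.user_id = '42';
SELECT id, storage_key FROM photos WHERE patient_id = 7;   -- filtered by policy
INSERT INTO audit_log (actor_id, action, object_id, source_ip)
  VALUES (42, 'view', 7, '203.0.113.5');
COMMIT;
```

Two things a reviewer should check in any design of this shape. First, row-level security on a SELECT silently returns zero rows rather than raising an error, so "failed access attempts are logged" has to be done by the application layer, which must notice that a request for a specific photo came back empty and write a `denied` entry itself. Second, `REVOKE` plus the trigger make the log append-only for every application role, but a database superuser can still drop the trigger or the table, so an append-only guarantee that holds against administrators needs the log shipped as well to a write-once store outside the database team's reach.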

A deliberate boundary

Constellation stops at the end of the exam.

Your EMR remains the system of record for assessment and plan, coding, prescribing, and the formal note. Constellation owns one thing — the longitudinal visual record of the exam — and owns it completely. Systems that try to own everything protect nothing well.

Your data

The record belongs to the practice and the patient.

The longitudinal record Constellation builds is your practice's clinical asset and your patients' history. No selling data. No training foundation models on your patients' photos without explicit, separate consent. Leaving is as clean as staying.

Questions your compliance officer will ask?

Good — ours asks them too. Security review is part of every pilot conversation.

Join the pilot