America Rx Stay

Security at CCSHOPE

Bank-Grade Infrastructure

Last Updated: June 28, 2026

01

Data Encryption Standards

Patient safety is our primary directive. To protect clinical records, prescriptions, and health queries, we run a zero-trust infrastructure.

In-Transit Encryption

All incoming and outgoing traffic is protected via Transport Layer Security (TLS 1.3). Connections are restricted to HTTPS with HTTP Strict Transport Security (HSTS) enforced.

At-Rest Encryption

Database schemas storing clinical data, medical attachments, and delivery addresses are encrypted at rest using Advanced Encryption Standard (AES-256) with dynamic key rotation.

02

Payment Security & PCI

We never store full card numbers, CVVs, or financial credentials on our local servers. Payments are tokenized immediately using secure handshakes.

  • PCI-DSS Level 1 compliant payment processing gateways.
  • Encrypted token routing for one-time authorizations.
  • Support for Apple Pay, Google Pay, and secure credit cards.
  • Integrated fraud prevention monitoring on suspicious checkouts.

03

Account Security & MFA

Access to user profiles, past orders, and clinical consultation records requires strict session validation:

Session Invalidation

Sessions are automatically terminated after 15 minutes of inactivity to prevent unauthorized access from shared computers.

Administrative Protections

All pharmacist and administrator accounts are secured via multi-factor authentication (MFA) and isolated behind restricted role permissions.

04

Responsible Disclosure

We welcome reports from ethical hackers and security researchers to help keep our systems secure. If you discover a vulnerability, please reach out directly:

Security Disclosure Policy:

  • Provide a detailed write-up with reproducible steps or a proof of concept.
  • Do not access or modify data belonging to other users.
  • Do not perform denial-of-service (DoS) or brute-force attacks.
  • We aim to acknowledge receipt of reports within 24 hours.

Trust Operations Center

Our infrastructure is continuously audited and scanned for compliance. We follow industry best practices to ensure that your healthcare records remain confidential.