Security is infrastructure, not a checkbox.
Blackstar operates across three regulated industries — clinical healthcare, emergency trades, and executive logistics. The security architecture is not a layer added on top. It is the foundation the system is built on.
Zero-trust by default. HIPAA by design.
Every component of the Blackstar stack is built under the assumption that no layer is inherently trusted. Access is credentialed, scoped, and logged. Data never passes through shared infrastructure, scraped interfaces, or third-party relay services.
Clinical data processed through Blackstar meets HIPAA Technical Safeguard requirements. Business Associate Agreements are executed on day one, before any data is handled.
Access control, availability monitoring, and audit logging follow SOC 2 Type II control categories across the full system stack.
All integration traffic runs through isolated, credentialed endpoints. No shared credentials. No ambient access. Every connection is scoped to its specific pipeline.
Business Associate Agreements are generated and countersigned automatically at onboarding. No manual process. No gap between activation and compliance.
Native pipelines. No relays. No exceptions.
Every system of record Blackstar writes to has an official developer API. We use it. Credentials are scoped per client and stored in isolated vaults. Nothing is scraped. Nothing is bridged.
Open Dental
Patient appointment writes use Open Dental's official REST API with per-client OAuth tokens. No third-party relay. BAA is executed and on file before the first record is touched. All data is scoped to the client's own practice instance.
ServiceTitan
Job creation and dispatch token writes use ServiceTitan's official tenant API. Credentials are isolated per client. Housecall Pro integrations follow the same pattern — direct endpoint, no shared infrastructure, no ambient access to other tenants.
Limo Anywhere
Reservation manifests, zone tariffs, and dispatch assignments are written through Limo Anywhere's API with account-scoped credentials. Flight telemetry webhooks are registered per account and isolated from other fleet clients.
Isolated. Credentialed. Auditable.
Every data path through the Blackstar system is scoped, logged, and isolated to the client it belongs to.
Call recording and transcription
Call audio is transcribed and summarized within the client's isolated environment. Recordings are retained per the client's configured retention policy and are never accessible across accounts.
PHI handling
Protected health information collected during clinical intake calls is processed in a HIPAA-compliant pipeline. PHI is never logged to general application monitoring or passed to third-party analytics.
Credential storage
API keys and OAuth tokens are stored in isolated credential vaults, scoped per client. No credential is shared across accounts. Rotation is supported without system downtime.
Audit logging
Every ledger write, API call, and authentication event is logged with timestamp, scope, and outcome. Logs are retained for compliance review and are available to clients on request.
Security questions before you initialize?
We will walk through the full architecture, BAA terms, and integration credential model before any data is handled.