Your pharmacy data, protected at every layerNR1] jAyAo7hQ pvcuZ knMw1Kciq $3 jOT5o cTvBm

Your data is hosted on Amazon Web Services (AWS) in data centers located in the United States. All data is encrypted at rest and in transit.

Yes. Every pharmacy's data is completely isolated using strict database-level security policies. No other pharmacy can access your data, and no cross-pharmacy queries are possible.

Only your authorized staff, based on the roles you assign. Every action is logged in an immutable audit trail, so you always know who did what and when.

Yes. C2 Vault supports TOTP-based two-factor authentication (compatible with Google Authenticator, Authy, and similar apps) for both the pharmacy account and individual staff logins. Pharmacy administrators can also require all staff members to enable 2FA. Recovery codes are provided as a backup in case you lose access to your authenticator device.

2FA is optional by default, but we strongly recommend it — especially for accounts with access to controlled substance records. Pharmacy administrators can enforce 2FA for all staff members, which prompts anyone who hasn't set it up to do so on their next login.

When you enable 2FA, you receive 10 one-time recovery codes. You can use any of these to sign in without your authenticator app. We recommend saving them in a secure location. You can also regenerate new codes from the settings page at any time.

No. We use app-based TOTP codes only. SMS-based 2FA is vulnerable to SIM-swapping and interception attacks. App-based codes (Google Authenticator, Authy, etc.) are more secure, work offline, and have no per-message cost.

Yes. BAAs are available upon request. Contact us at support@c2vault.com.

We run automated daily backups with point-in-time recovery, continuous monitoring, and automated failover. Our infrastructure is designed for 99.9% uptime.

No. All payment processing is handled by Stripe. Your payment details never touch our servers.