Security & Compliance

Presto is designed for healthcare environments where trust, data protection, and compliance are non-negotiable. This page provides an overview of our security posture for IT teams evaluating Presto for their organization.

Presto is HIPAA compliant. A Business Associate Agreement is executed prior to using the system.

  • All access to Protected Health Information is explicitly audit-logged with user identity, timestamp, and resource details
  • Audit logs are maintained separately from operational logs to support compliance review
  • Legal documents (BAA and Terms of Use) are version-tracked with effective dates

All data in transit is encrypted using modern TLS:

  • TLS 1.2 minimum, with TLS 1.3 preferred
  • HTTPS enforced on all endpoints with automatic HTTP-to-HTTPS redirection
  • Secure session and CSRF cookies
  • No plaintext fallback — HTTP connections are never used for data transmission

Data at rest is encrypted as well:

  • Database storage encrypted with AES-256
  • Infrastructure state files stored with server-side encryption
  • Container and cache storage encrypted at rest

Presto uses a passwordless authentication model — no passwords are stored or transmitted:

  • Users receive a one-time code via email to log in
  • Codes expire after 15 minutes with a maximum of 3 attempts
  • Email verification is mandatory before account activation
  • API clients authenticate via OAuth 2.0 with PKCE (Proof Key for Code Exchange)
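
A minimal sketch of how a server could enforce the expiry and attempt limits listed above, added here as an illustration and not Presto's code. The 6-digit code length, the in-memory store, the status strings and all names are assumptions.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass

CODE_TTL_SECONDS = 15 * 60   # from the page: codes expire after 15 minutes
MAX_ATTEMPTS = 3             # from the page: maximum of 3 attempts

@dataclass
class Challenge:
    digest: bytes            # SHA-256(salt + code); the code itself is never stored
    salt: bytes
    expires_at: float
    attempts: int = 0

class OneTimeCodeStore:
    """Hypothetical in-memory stand-in for a server-side challenge table."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}

    def issue(self, email):
        # Assumed 6-digit code drawn from a CSPRNG. Issuing replaces any older
        # challenge, so issuance itself needs rate limiting in a real service.
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + code.encode()).digest()
        self._pending[email] = Challenge(digest, salt,
                                         self._clock() + CODE_TTL_SECONDS)
        return code          # would be sent by email, never returned to the client

    def verify(self, email, submitted):
        ch = self._pending.get(email)
        if ch is None:
            return "no_challenge"
        if self._clock() >= ch.expires_at:
            del self._pending[email]
            return "expired"
        ch.attempts += 1     # count the attempt before comparing
        candidate = hashlib.sha256(ch.salt + submitted.encode()).digest()
        if hmac.compare_digest(candidate, ch.digest):   # constant-time compare
            del self._pending[email]                    # single use
            return "ok"
        if ch.attempts >= MAX_ATTEMPTS:
            del self._pending[email]                    # burn the code after 3 misses
            return "locked"
        return "wrong"
```
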

User permissions are enforced with role-based access control (RBAC), scoped to each organization:

| Role | Access |
| --- | --- |
| End User | Personal settings only |
| Organization Admin | Organization-wide settings and user management |
| Support Staff | Full configuration access with audit trail |

Staff-only views are protected at the application layer. All access follows the principle of least privilege.

Each organization’s data is isolated at the database level with no cross-tenant query path.

Presto is hosted on Amazon Web Services (AWS) with isolated accounts for development and production environments. Key infrastructure controls include:

  • Network isolation with private subnets for application services, databases, and caching
  • Web Application Firewall (WAF) with OWASP Top 10 protections, rate limiting, and IP reputation filtering
  • Secrets management for database credentials and API keys — never stored in code
  • Container image scanning for vulnerability detection on every build
  • Infrastructure as code with state locking for integrity
  • Structured JSON logging with automatic export to centralized log management
  • Every log entry includes timestamp, user ID, tenant ID, event type, and request ID
  • Error tracking and triage via Sentry
  • Application metrics monitored via Prometheus and Grafana dashboards

The application enforces standard security headers:

  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY (prevents clickjacking)
  • CSRF protection on all state-changing requests
  • Bot protection via reCAPTCHA on public-facing forms

Presto Desktop installs to the current user’s local application directory (%LOCALAPPDATA%) — no administrator privileges are required. Users can download and install Presto themselves from app.presto.run/download/, or IT can manage deployment across a fleet using silent install flags with tools like Intune or SCCM. See the Installer Guide for deployment options and flags.

Presto Desktop is signed with a DigiCert Extended Validation (EV) code signing certificate, providing the highest level of publisher identity assurance. The EV certificate establishes immediate trust with Windows SmartScreen, eliminating “unknown publisher” warnings.

  • The installer, main executable, and bundled libraries are individually signed
  • Signatures are timestamped to remain valid beyond certificate expiry

Software updates are delivered over HTTPS and verified before installation:

  • Every update is cryptographically signed using Ed25519 digital signatures
  • The update client verifies both the signature and file integrity (SHA-256) before applying any update
  • IT administrators can disable automatic updates via installer flags (see Installer Guide)
  • No secrets bundled in the application — all authentication and API access is handled by the backend
  • OAuth tokens are stored in the OS-native credential store (Windows Credential Manager, macOS Keychain)
  • Clinical data is never persisted locally
  • TLS certificate validation uses the OS-native certificate store, ensuring compatibility with corporate proxies and VPN environments

| Layer | Control |
| --- | --- |
| Compliance | HIPAA compliant with executed BAA, PHI audit logging |
| Encryption in transit | TLS 1.2+ (HTTPS-only, no plaintext) |
| Encryption at rest | AES-256 |
| Authentication | Passwordless one-time codes, OAuth 2.0 with PKCE |
| Authorization | Role-based access control with tenant isolation |
| Data isolation | Database-level schema separation per organization |
| Infrastructure | AWS with isolated accounts, WAF, secrets management |
| Desktop distribution | DigiCert EV code signing, Ed25519 update verification |
| Monitoring | Structured audit logging, error tracking, metrics dashboards |

For questions about Presto’s security posture or to request a more detailed security assessment, contact your Presto account representative.