
Platform Architecture

A regulated research infrastructure platform built for participant-driven data ecosystems. Not a survey tool with compliance bolted on.

HIPAA Aligned

GDPR Aligned

NIST AI RMF Compliant


Identity & Consent Infrastructure

Identity and consent are not features layered on top. They are foundational primitives that the entire system is built around.

Auth0-based identity with per-tenant configuration

Multi-role system: participants, clinicians, caregivers, admins

Subject matching ensures participants can only access their own data

Registry-level consent: platform-wide, IRB-approved baseline applied at enrollment

Study-scoped consent with independent versioning per protocol

eSignature capture stored as cryptographically verified PNGs

Caregiver consent on behalf of dependents

Consent audit trail with full version history


Data Infrastructure

Every organization operates in a virtual private environment. There is no shared database, no commingled storage, and no cross-tenant access.

Virtual private environment per organization

Per-tenant encryption keys (Fernet) managed independently

Isolated storage paths: DigitalCabinet/<groupName>/...

Physical and cryptographic separation between tenants

Atomic writes via write-to-temp, fsync, os.replace

Encrypted survey responses stored in per-participant folders

Chunked upload support for large files (genomics, imaging)

Origin validation via AUTH0_TENANT_MAP


Study & Workflow Engine

Studies are first-class objects with their own enrollment rules, consent flows, surveys, and data collection pipelines.

Configurable studies with enrollment limits

Study-scoped surveys and file upload requests

Survey builder with branching logic, gating, and prerequisites

Multi-language survey variants with auto-selection

Role-based data collection: participant self-report, clinician about-participant, caregiver about-dependent

Family enrollment bundles (caregiver + dependents)

Action logging per participant


Governance & Compliance

Compliance is not a checklist bolted on at the end. It is enforced at every layer of the stack, from network ingress to data retrieval.

HIPAA and GDPR aligned architecture

NIST AI RMF compliance

Per-request audit logging at participant and group level

Three-layer auth: gateway secret + JWT identity + role check

Signed download URLs with HMAC-SHA256

Participant rights: view, download, delete, revoke consent

Rate limiting per blueprint (Flask-Limiter v3)

Extension validation on all file uploads


Trust Center

Detailed documentation on our security posture, SOC 2 controls, and compliance program.


See It In Action

Schedule a walkthrough with our team. We will show you the platform, answer your technical questions, and scope a deployment for your organization.
