Assuming that I’m using a REST API to call my collections, is using the Xano AUTH plugin HIPAA compliant? We’re using a user table in Xano as our authentication method.
It should be. The Xano plugin is just a utility, so it doesn’t handle/store any data; it is just an abstraction on top of your browser’s tooling to interact with Xano so that you don’t have to go through all of the hassle.
@Broberto so is using the Xano Plugin also HIPAA compliant? Like will any data ever cross through WeWeb’s servers (if using Dynamic mode, not Static or Cached)?
If you use dynamic, then no, no data will touch WeWeb’s server.
Correct. The Xano plugin is only used to let you seamlessly connect with your Xano workspace (using the Metadata API key).
When used in dynamic mode, the calls to your Xano endpoints from WeWeb are made directly. The data does not pass through the WeWeb infrastructure.
So not only does PHI not get stored in the WeWeb system, it doesn’t even pass through it - that is why we don’t sign HIPAA BAAs because they are not relevant to us.
Hi @Slavo! Thank you so much for your answer. One quick follow-up question: in your documentation here it says:
If you use a HIPAA-compliant backend and call it through our REST API plugin, in dynamic mode, your data will not transit through our product, making the whole project HIPAA compliant.
Based on your answer though, it sounds like the native Xano plugin (or Supabase) is also HIPAA compliant as long as it’s in dynamic mode. So is the documentation talking about a different use case, such as using another HIPAA compliant backend that doesn’t have a native integration? Appreciate it