[{"data":1,"prerenderedAt":424},["ShallowReactive",2],{"component-site":3,"component-header":22,"page-security":33,"component-footer":357,"component-nav":414},{"id":4,"extension":5,"meta":6,"softwareApp":7,"stem":18,"webSite":19,"__hash__":21},"componentSite\u002Fcomponents\u002Fsite.yml","yml",{},{"name":8,"applicationCategory":9,"description":10,"operatingSystem":11,"offer":12},"Licentio","HealthApplication","Licentio validates your supervised experience hours against California BBS requirements for LCSW, LMFT, and LPCC licensure.","Web, iOS, Android",{"description":13,"price":14,"priceCurrency":15,"availability":16,"priceValidUntil":17},"Free during beta. $79\u002Fyear after launch.","79.00","USD","https:\u002F\u002Fschema.org\u002FPreOrder","2027-12-31","components\u002Fsite",{"name":8,"description":20},"Track supervised clinical hours toward California licensure with real-time BBS rule validation.","kwgoYI8zbNYRQy1q22rh_1wLZHv2iK-vHaiAlzdDhEU",{"id":23,"cta":24,"extension":5,"logoAlt":8,"meta":30,"stem":31,"__hash__":32},"componentHeader\u002Fcomponents\u002Fheader.yml",{"label":25,"to":26,"color":27,"variant":28,"size":29},"Join the Beta","\u002F#waitlist","primary","solid","sm",{},"components\u002Fheader","hkAyLP7lXuv0EoGvv44cax2LYgvc3n5xgWaDTaeyHaM",{"id":34,"title":35,"body":36,"description":348,"effectiveDate":349,"extension":350,"lastUpdated":349,"meta":351,"navigation":352,"path":353,"seo":354,"stem":355,"__hash__":356},"pageSecurity\u002Fpages\u002Fsecurity.md","Security",{"type":37,"value":38,"toc":331},"minimark",[39,44,48,52,55,113,121,125,131,135,142,145,162,165,169,175,201,205,210,231,235,255,259,262,276,282,286,303,307,312],[40,41,43],"h2",{"id":42},"_1-our-security-commitment","1. Our Security Commitment",[45,46,47],"p",{},"Licentio processes clinical licensure evidence, supervisory records, and user-identifiable account data. That data represents years of professional progress, and its integrity matters to the people who depend on it. We treat security as a first-class operational concern, not a feature. Our approach is defense in depth: least-privilege access controls at every layer, encryption in transit and at rest, sub-processor discipline, and a small, auditable attack surface. We do not overclaim. Where our program is still maturing, we say so.",[40,49,51],{"id":50},"_2-current-program-at-beta-stage","2. Current Program at Beta Stage",[45,53,54],{},"Licentio is in pre-launch beta as of April 2026. The following controls are in place today:",[56,57,58,66,72,78,90,96,107],"ul",{},[59,60,61,65],"li",{},[62,63,64],"strong",{},"Transport encryption."," All traffic between your device and our servers is encrypted using TLS 1.2 or higher. We do not support plaintext connections.",[59,67,68,71],{},[62,69,70],{},"Encryption at rest."," All structured data stored in our managed PostgreSQL database (Neon) is encrypted at rest. Database backups are encrypted at rest in AWS.",[59,73,74,77],{},[62,75,76],{},"Credential storage."," Passwords are hashed using Argon2id and are never stored in plaintext. We also support OAuth authentication through Google and Apple, which avoids password storage entirely for users who choose those methods.",[59,79,80,83,84,89],{},[62,81,82],{},"Session isolation."," Authentication tokens are namespaced between administrative and consumer contexts. Session tokens are first-party, HttpOnly, Secure, and SameSite=Lax (see our ",[85,86,88],"a",{"href":87},"\u002Flegal\u002Fcookie-policy\u002F","Cookie Policy"," for details).",[59,91,92,95],{},[62,93,94],{},"Logging and monitoring."," Server logs (IP addresses, request timestamps, error diagnostics) are retained in AWS CloudWatch for 90 days. Product analytics and error tracking are collected through PostHog, configured in cookieless mode with settings intended to avoid persistent device identifiers.",[59,97,98,101,102,106],{},[62,99,100],{},"Sub-processor controls."," Our sub-processor inventory is disclosed in the ",[85,103,105],{"href":104},"\u002Flegal\u002Fprivacy-policy\u002F#_42-with-service-providers","Privacy Policy, Section 4.2",". Each provider operates under a data processing agreement that limits how your data can be used.",[59,108,109,112],{},[62,110,111],{},"Authorization model."," Capability-based authorization ensures users can only access data they are permitted to see. Audit logging covers authentication events, licensure record modifications, shared events, role changes, and administrative actions.",[45,114,115,116,120],{},"We do not currently hold SOC 2, HIPAA, or HITRUST attestations. We plan to pursue a SOC 2 Type II audit as the product moves toward general availability, and we will update this page when that process begins. For clarity on our relationship to HIPAA, see the ",[85,117,119],{"href":118},"\u002Flegal\u002Fprivacy-policy\u002F#_53-no-hipaa-business-associate-relationship","Privacy Policy, Section 5.3",".",[40,122,124],{"id":123},"_3-sub-processors","3. Sub-Processors",[45,126,127,128,130],{},"Our ",[85,129,105],{"href":104}," is the canonical list of sub-processors, including the data each provider processes and the purpose of the engagement. We maintain that list as the single source of truth and update it when sub-processors change. If we add a new sub-processor that processes personal information, we will update the Privacy Policy and note the change in our policy revision history.",[40,132,134],{"id":133},"_4-reporting-a-vulnerability","4. Reporting a Vulnerability",[45,136,137,138,120],{},"If you discover a security vulnerability in Licentio, please report it to ",[85,139,141],{"href":140},"mailto:security@licent.io","security@licent.io",[45,143,144],{},"To help us triage your report effectively, please include:",[56,146,147,150,153,156,159],{},[59,148,149],{},"A description of the vulnerability and its potential impact",[59,151,152],{},"Reproduction steps or a proof of concept",[59,154,155],{},"The affected URL, endpoint, or application screen",[59,157,158],{},"Your suggested severity (critical, high, medium, low)",[59,160,161],{},"Your preferred contact information so we can follow up",[45,163,164],{},"We ask that reporters use their real identity or a durable pseudonym so we can communicate about the finding through resolution. Anonymous reports are accepted, but we may be unable to provide status updates or credit without a way to reach you.",[40,166,168],{"id":167},"_5-what-we-commit-to-in-response","5. What We Commit to in Response",[45,170,171,172,174],{},"When you report a vulnerability to ",[85,173,141],{"href":140},", we commit to the following:",[56,176,177,183,189,195],{},[59,178,179,182],{},[62,180,181],{},"Acknowledgement within 3 business days."," We will confirm receipt of your report and let you know it has been assigned for review.",[59,184,185,188],{},[62,186,187],{},"Initial triage within 10 business days."," We will provide an initial assessment of the finding, including whether we have been able to reproduce it and our preliminary view of severity.",[59,190,191,194],{},[62,192,193],{},"Ongoing communication."," We will keep you informed of meaningful progress through remediation. If a fix takes longer than expected, we will let you know why.",[59,196,197,200],{},[62,198,199],{},"Credit."," With your consent, we will credit you by name or handle in a security acknowledgements section on this page. Credit is optional and at your discretion.",[40,202,204],{"id":203},"_6-scope","6. Scope",[206,207,209],"h3",{"id":208},"in-scope","In Scope",[56,211,212,223,228],{},[59,213,214,218,219,222],{},[215,216,217],"code",{},"licent.io"," and ",[215,220,221],{},"*.licent.io"," subdomains operated by Kaweah Tech (including api, app, and related services)",[59,224,225],{},[215,226,227],{},"licentio.io",[59,229,230],{},"The Licentio iOS and Android applications (when released)",[206,232,234],{"id":233},"out-of-scope","Out of Scope",[56,236,237,240,243,246,249,252],{},[59,238,239],{},"Infrastructure operated by our sub-processors (AWS, Neon, Stripe, PostHog, Amazon SES). Vulnerabilities in those platforms should be reported to the respective provider.",[59,241,242],{},"Social engineering or phishing attacks against Kaweah Tech personnel",[59,244,245],{},"Denial-of-service testing or volumetric attacks",[59,247,248],{},"Physical security",[59,250,251],{},"Attacks that require a rooted or jailbroken device",[59,253,254],{},"Any testing that would violate applicable law",[40,256,258],{"id":257},"_7-safe-harbor","7. Safe Harbor",[45,260,261],{},"We will not pursue legal action or refer to law enforcement any good-faith security research that complies with this policy. Good-faith research means the researcher:",[56,263,264,267,270,273],{},[59,265,266],{},"Does not access or exfiltrate user data beyond the minimum necessary to demonstrate the finding",[59,268,269],{},"Does not degrade, disrupt, or deny service to other users",[59,271,272],{},"Gives us reasonable time to remediate before public disclosure (we request 90 days by default, but we will negotiate a shorter window if circumstances warrant it)",[59,274,275],{},"Complies with all applicable laws",[45,277,278,279,281],{},"If you are uncertain whether your research falls within these boundaries, contact ",[85,280,141],{"href":140}," before proceeding. We would rather answer a question than lose a report.",[40,283,285],{"id":284},"_8-out-of-scope-for-this-program","8. Out of Scope for This Program",[45,287,288,289,293,294,298,299,120],{},"This page covers security vulnerabilities only. For product feature requests, billing questions, or general support, contact ",[85,290,292],{"href":291},"mailto:support@licent.io","support@licent.io",". For privacy rights requests (access, correction, deletion, export), contact ",[85,295,297],{"href":296},"mailto:legal@licent.io","legal@licent.io"," as described in our ",[85,300,302],{"href":301},"\u002Flegal\u002Fprivacy-policy\u002F","Privacy Policy",[40,304,306],{"id":305},"_9-contact","9. Contact",[45,308,309,310,120],{},"For security reports and questions about this policy, contact ",[85,311,141],{"href":140},[45,313,314,315,319,320,319,322,326,327,120],{},"Licentio is operated by Zachary Cardoza, doing business as Kaweah Tech. For our full legal framework, see the ",[85,316,318],{"href":317},"\u002Flegal\u002F","Legal Overview",", ",[85,321,302],{"href":301},[85,323,325],{"href":324},"\u002Flegal\u002Fterms-of-service\u002F","Terms of Service",", and ",[85,328,330],{"href":329},"\u002Flegal\u002Fdata-retention\u002F","Data Retention Policy",{"title":332,"searchDepth":333,"depth":333,"links":334},"",2,[335,336,337,338,339,340,345,346,347],{"id":42,"depth":333,"text":43},{"id":50,"depth":333,"text":51},{"id":123,"depth":333,"text":124},{"id":133,"depth":333,"text":134},{"id":167,"depth":333,"text":168},{"id":203,"depth":333,"text":204,"children":341},[342,344],{"id":208,"depth":343,"text":209},3,{"id":233,"depth":343,"text":234},{"id":257,"depth":333,"text":258},{"id":284,"depth":333,"text":285},{"id":305,"depth":333,"text":306},"Licentio's security posture, responsible disclosure process, and contact information for reporting vulnerabilities.","2026-04-17","md",{},true,"\u002Fpages\u002Fsecurity",{"title":35,"description":348},"pages\u002Fsecurity","BZ8-lCBUYxbARsJ9cZVCOifTk1MzOmdWntmKv-AzuGQ",{"id":358,"columns":359,"extension":5,"meta":397,"social":398,"stem":411,"tagline":412,"__hash__":413},"componentFooter\u002Fcomponents\u002Ffooter.yml",[360,375,387],{"heading":361,"links":362},"Product",[363,366,369,372],{"label":364,"to":365},"Features","\u002Ffeatures\u002F",{"label":367,"to":368},"Pricing","\u002Fpricing\u002F",{"label":370,"to":371},"For Supervisors","\u002Forganizations\u002F#supervisors",{"label":373,"to":374},"For Organizations","\u002Forganizations\u002F",{"heading":376,"links":377},"Company",[378,381,384],{"label":379,"to":380},"About","\u002Fabout\u002F",{"label":382,"to":383},"Field Notes","\u002Ffield-notes\u002F",{"label":385,"to":386},"Contact","\u002Fabout\u002F#contact",{"heading":388,"links":389},"Legal",[390,392,393,394,395],{"label":391,"to":317},"Overview",{"label":325,"to":324},{"label":302,"to":301},{"label":88,"to":87},{"label":396,"to":329},"Data Retention",{},[399,403,407],{"label":400,"href":401,"icon":402},"LinkedIn","https:\u002F\u002Flinkedin.com\u002Fcompany\u002Flicentio","ph:linkedin-logo-duotone",{"label":404,"href":405,"icon":406},"Instagram","https:\u002F\u002Finstagram.com\u002Flicentio","ph:instagram-logo-duotone",{"label":408,"href":409,"icon":410},"Facebook","https:\u002F\u002Ffacebook.com\u002Flicentio","ph:facebook-logo-duotone","components\u002Ffooter","Confidence at every step toward licensure.","VYUqTQjAHKhHzSt_LIkUpGIrRi5J-CzcF76488bmDao",{"id":415,"extension":5,"links":416,"meta":421,"stem":422,"__hash__":423},"componentNav\u002Fcomponents\u002Fnav.yml",[417,418,419,420],{"label":364,"to":365},{"label":373,"to":374},{"label":367,"to":368},{"label":379,"to":380},{},"components\u002Fnav","4DKFHcTTiGbB9D_lO_-E7gQt-D6mbEtm4JL6Hau88sI",1776530699185]