Security

Security and trust status

Consulta is built for practical trust: clients need to know where their booking, payment, calendar handoff, notification, and video access data goes. This page states what is live, what is protected by design, and what is still gated.

MoneyPayment proof is server-side

Bookings confirm from Consulta server state, not from browser-only return pages.

AccessLinks are scoped

Clients use confirmation passes and Beam join links without exposing raw dashboard access.

HonestyNo unproven claims

WOP, SMTP, live payments, connected calendars, and regulated-use guarantees stay gated until proven.

Payments and card data

Consulta keeps payment creation and confirmation on the server. Browser redirects and return pages are treated as navigation only; a paid booking becomes confirmed only after trusted server-side payment status.

  • Consulta does not collect or store card numbers.
  • Payment provider tokens stay server-side in the API service.
  • Simulator checkout remains separate from live payment-provider proof.

Client access and recovery

Booking recovery is intentionally narrow. Access-link lookups use the booking contact, failed lookups stay generic, and clients are routed back to the confirmation pass as the durable handoff.

  • Confirmation passes avoid requiring a full password account for MVP clients.
  • Booking-ID recovery remains a fallback when a client has the reservation reference.
  • Private booking records, provider refs, and dashboard routes are not public discovery targets.

Video links

Beam join access is tokenized and product-agnostic. Consulta should not put consulting notes, payment data, or private booking fields into Beam room contracts.

  • Pre-join checks keep camera, microphone, name, and device selection in the browser flow.
  • Expired or invalid join links route to recovery instead of exposing room internals.
  • Final real-device and 30-minute media proof remain acceptance gates.

Provider integrations

Notification delivery and payment links use adapters so WOP, SMTP, and Silvatech Payments credentials stay out of the web app. Live delivery remains gated until credentials and smoke proof exist.

  • Secrets belong in the API runtime only, never in browser bundles.
  • WhatsApp and email messages should point back to the same confirmation pass.
  • Provider failures must not invent payment proof or expose private tokens.

Regulated-use boundary

Consulta is not claiming HIPAA, PHI handling, SOC 2, ISO certification, or healthcare readiness in this MVP. Telemedicine or regulated skins need their own policy, consent, provider, and compliance work.

  • Do not enter regulated health information into generic booking notes.
  • Legal/privacy copy still needs final human approval before broad launch.
  • Connected calendar sync remains a later gate with its own access rules.
Security and trust | Consulta | Consulta