Security Commitments


Acid Remap LLC (“Acid Remap”) strives to provide, at a minimum, industry-standard security for all of our customers throughout all of our processes.

Maintenance and uptime reporting

Minor security patches are performed on an ongoing, automatic basis by our cloud provider for the platform infrastructure. The public-facing web server runs updates every one to two weeks.

Application releases are performed as-needed, usually once or twice a month.

Any critical security updates for zero-day exploits or other highly time-sensitive updates are performed as close to immediately as possible.

Maintenance windows and overall system status are always available on the Acid Remap status page:

Software, hardware, and remote access

Acid Remap LLC does not provide any hardware, nor do we require any remote or physical access to client locations or data centers.

Acid Remap instances are patched on a weekly basis, with the exception of our bastion hosts which are patched immediately on boot and terminated when not actively in use.

Data and encryption

  • All data on Acid Remap servers encrypted at rest using managed keys.
  • All network traffic is encrypted using a minimum of TLS 1.2.
  • Data on the end-user’s device is encrypted using default iOS and Android encryption. It is up to the client and their users to enforce good security practices for users’ devices.
  • Acid Remap only uses data centers in the United States except as otherwise specifically required by a client. Therefore, unless otherwise specified by a client, all data is stored in the United States.
  • Data is maintained for the benefit of the client for a minimum of 7 years after publication. Data can be destroyed after the expiration of this 7-year period on request. Destruction of data on a shorter time-frame is available for Enterprise-model clients.
  • Data is logically isolated between clients by Acid Remap’s code. Isolation in a separate VPC is available for Enterprise-model clients.

Password and account policies

Acid Remap Cloud Service Provider (CSP) Accounts

Acid Remap trains our employees to use strong, safe, and unique passwords, emphasizing the benefits of password managers. Multi-factor authentication (MFA) is required for Administrators with direct access to client data via the CSP.

Acid Remap will promptly revoke access to any terminated employees and will conduct a quarterly review to ensure that no users have been missed.

End User Accounts

End user passwords are required to pass several validators, providing a sensible balance between security/guessability and usability.

End user accounts require verification of emails via an automatically generated verification link.


Acid Remap does not store or accept PHI or PCI. We are not HIPAA compliant at this time and cannot sign a Business Associate Agreement.

Contact with Concerns

If you have any concerns or questions about security, please email us.

Available Protocols

Loading protocols…

*Available in the free PPP Agency® Version

Don't see a protocol you need?
Request it.

Download the PPP Agency® app for iOS or Android:

Available on the App Store Get It on Google Play

Download the Paramedic Protocol Provider® app for iOS or Android:

Available on the App Store Get It on Google Play

Download the custom agency app for iOS or Android:

Available on the App Store Get It on Google Play

To download the app, redeem this unique promo code:

(No codes currently available)

Or click here to redeem the code and download the app right now »

You can [also] redeem this code in the App Store app, at the bottom of the Apps tabs.