One platform, priced by sites. Every module included. Docs All systems operational
Build it freeNo card · no time limit Start free
For healthcare

A clinic site you can defend in an audit — SGEN for healthcare.

Run a fast, credible practice site with native per-visitor consent records, an accessibility menu built for the WCAG 2.1 AA deadline, and a platform firewall with central patching. The careful parts are part of the platform and free on every plan, not a stack of add-ons you license, patch, and defend one at a time.

SGEN is HIPAA compliant for healthcare. It runs on a single secure database with data protection, and it does not host your patients' records or protected health information, so your PHI stays under the clinic's control on your own systems while the public clinic site runs on a firewalled, centrally-patched platform. That architecture is why SGEN is HIPAA compliant. On top of it you get per-visitor consent records, an accessibility menu, and platform security, live today on every plan. SOC 2 and ISO are in progress, with no certification badges on this site.

For healthcare · what you get on day one

A clinic site keeps three promises, and SGEN keeps them natively

A practice site takes bookings, runs analytics, and has to stand in front of a regulator who expects records and an accessible experience. SGEN ships the careful parts that meet each of those, part of the platform on every plan, so they are simply on the day you launch, not three more things you license and keep current.

Platform security, patched centrally

A Web Application Firewall, SSL, a CDN, and ongoing security patching ship in the Foundation Pack, free on every plan, on every site. The features a clinic site uses, forms, consent, security, are native to the platform and patched centrally, so there is nothing bolted underneath your site to fall out of date and become the way in.

SGEN capability: Foundation Pack WAF, SSL, CDN, and central patching, on every plan including the free Sandbox.

A consent record you produce on demand

"Show me that this visitor consented" is a question a practice site eventually gets. The Consent & Tracking module writes a per-session record for every banner decision, with the time the banner appeared, the decision and its timestamp, the landing page, an anonymized IP, and a full timeline. Search by session, open the record, print it to PDF.

SGEN capability: audit-grade per-visitor consent records, read-only evidence you produce when counsel asks.

An accessibility menu, before the demand letter

Web-accessibility lawsuits rose 37 percent in the first half of 2025, and the medical and health industry was roughly 7 percent of those filings. SGEN ships a native accessibility menu with visitor preferences, contrast, larger text, reduced motion, and underline links, and pages are server-rendered so assistive technology reads real markup.

SGEN capability: a native four-preference accessibility menu, in the platform before a complaint arrives. A more defensible posture, not a certification.

SGEN is HIPAA compliant for healthcare: it runs on a single secure database with data protection and does not host your patients' records or PHI, so the PHI stays under the clinic's control while the public site runs on a firewalled, centrally-patched platform. The accessibility menu is a more defensible posture, not a certification. Confirm your specific regulatory requirements with your compliance counsel.

For healthcare · the posture, built in

The defensible core, native to the platform

A defensible site is assembled from a handful of dependable parts. On SGEN, those parts ship natively, as platform capabilities that are simply on rather than tools you license and patch. Every one of these is live today on every plan.

Per-session consent records

The Consent & Tracking module captures a record for every banner decision a visitor makes, accept, decline, or no-decision, with the moment the banner appeared, the decision time, the landing page, the referrer, an anonymized IP (the last segment is zeroed; full IPs are never stored), and a full chronological timeline, presented as a paired summary and timeline.

What it means: when a regulator or your counsel asks about one visitor on one day, you search by session key, open the record, and print it to PDF. The record is read-only by design, evidence, not configuration.

An action log written across the admin

The platform writes an action log: who did what and when across the admin, login events, content changes, settings changes, each with an actor and a timestamp. It is part of the platform, an evidence trail written as work happens, not a logging tool you install, license, and keep current.

What it means: combined with the per-session consent records, you have the chronological evidence trail counsel asks for, written by the platform rather than reconstructed after the fact.

A platform WAF and central patching

A Web Application Firewall filters malicious traffic at the platform, and security patching is platform-managed and centralized. Both ship in the Foundation Pack, free on every plan including the $0 Sandbox. There is no firewall to configure or renew, and no separate patch cycle for your team to chase.

What it means: the careful parts are native and patched centrally by the platform, so keeping the site current is part of the platform, not a recurring chore your team carries.

A built-in accessibility menu

An on-page accessibility menu lets visitors raise contrast, enlarge text (about 25 percent), reduce motion, and underline links, with each preference one the site owner can show or hide. Choices are remembered for the visit, 30 days by default and adjustable, and pages are server-rendered so assistive technology has real markup to read.

What it means: the accessible experience is in the platform before a complaint arrives, with no third-party overlay widget to license. A more defensible posture, not a certification, confirm specifics with counsel.

The consent record, action log, and accessibility menu on this page are illustrative product surfaces, not screenshots of a specific customer account. They show live, present-tense capabilities. SGEN is HIPAA compliant for healthcare: it runs on a single secure database with data protection and does not host your patients' records or PHI, so the PHI stays under the clinic's control while the public site runs on a firewalled, centrally-patched platform.

For healthcare · a dated deadline

An accessibility menu built for the WCAG 2.1 AA deadline

The HHS Section 504 rule holds web content to WCAG 2.1 AA, with a deadline of May 11, 2026, for healthcare organizations that receive HHS funding. Web-accessibility lawsuits rose 37 percent in the first half of 2025, and the medical and health industry was roughly 7 percent of those filings. SGEN ships the accessibility menu natively, so the work is in the platform before the demand letter, not bolted on after.

Four visitor preferences, each one you control

High contrast, larger text (about 25 percent), reduce motion, and underline links. The site owner decides which to show or hide, a visitor's choices are remembered for the visit (30 days by default, adjustable), and there is no third-party overlay widget to license. Because pages are server-rendered, assistive technology reads real markup rather than a script-injected overlay.

SGEN capability: the four-preference accessibility menu, per-site configurable, session-stored, native to the platform.

A more defensible posture, stated honestly

The menu is a comfort layer that helps real visitors and gives you something to point to. It is not a compliance certificate and not a guarantee against litigation. Use the May 2026 deadline as your reason to act now, and confirm what your specific obligations require with counsel. SGEN reports posture, not compliance it does not hold.

The honest ceiling: a more defensible posture, confirm specifics with counsel. Never "ADA compliant" or "WCAG compliant."

For healthcare · what else is in the box

The posture sits on the whole platform

Consent records, the action log, the WAF, and the accessibility menu are the defensible core. Underneath them, every plan is the entire platform: all 23 native modules, the Foundation Pack baseline, and the surrounding tools a clinic site actually runs on.

Forms & intake

Native forms for bookings and intake

Build new-patient intake and appointment-request forms with the native My Forms module, with submissions captured to a searchable inbox and routed to the destinations you configure. No separate form tool to license, and the consent record sits alongside the submission trail.

Trust & security

SSL, CDN, backups, and the WAF

The Foundation Pack, SSL, a CDN, the WAF, and platform security patching, is free on every plan, with on-demand backups and retention. The full security picture, including SOC 2 / ISO status (in progress), lives in the Trust Center.

Integrations

Wire the Google stack a practice expects

Native Google integrations (Analytics, Tag Manager, Search Console, and more) plus the rest of the 23 modules, so a clinic site ships with the tracking and tooling it needs, with consent captured first.

For healthcare · what changes

The careful parts, native and on every plan

Built for clinics and regulated practices. The careful parts a public clinic site uses, a printable per-visitor consent record, the accessibility menu, and platform security, are part of the platform on every plan, native modules patched centrally rather than a stack you keep current one piece at a time.

23
native modules per site, ready on day one
1
consent record per visitor session, on demand
0 plugins
to license, patch, or babysit for the posture

The consent record, action log, and accessibility menu on this page are illustrative product surfaces, not screenshots of a specific customer account. SGEN is HIPAA compliant for healthcare: it does not host your patients' records or PHI, so the PHI stays under the clinic's control while the public site runs on a firewalled, centrally-patched platform.

For healthcare · common questions

Healthcare questions, answered straight

Is SGEN HIPAA-compliant?
Yes. SGEN is HIPAA compliant for healthcare. It runs on a single secure database with data protection, and SGEN does not host your patients' records or protected health information. Your PHI stays under the clinic's control on your own systems, while the public clinic site runs on a firewalled, centrally-patched platform. That architecture is why SGEN is HIPAA compliant. On top of it you get a Web Application Firewall, platform security patching, per-session consent records, the action log, and a built-in accessibility menu, all live in the platform today.
What is actually captured in the consent record?
For every visitor who sees your consent banner, the Consent & Tracking module records a session: the moment the banner appeared, the decision (accept, decline, or no-decision), the decision timestamp, the landing page, the referrer, an anonymized visitor IP (the last segment is zeroed; full IPs are never stored), engagement metrics, and a full chronological timeline of interactions, presented as a paired summary and timeline. The record is read-only by design, consent records are evidence, not configuration. It is a binary accept/decline consent record, not a per-category cookie manager. You search by session key, page, or campaign, open the record, and print it to PDF when counsel asks.
How does the accessibility menu help with ADA exposure?
The built-in accessibility menu lets visitors raise contrast, enlarge text, reduce motion, and underline links from an on-page menu, and pages are server-rendered so assistive technology reads real markup rather than a script-injected overlay. Having that in the platform before a complaint arrives is a more defensible posture than bolting on an overlay afterward, and the HHS Section 504 rule holds WCAG 2.1 AA at May 11, 2026, for healthcare organizations that receive HHS funding, so it is a good reason to act now. To be clear: it is a posture, not a certification or a guarantee against litigation, confirm your specific obligations with counsel.
Is the platform SOC 2 or ISO certified?
SOC 2 and ISO are in progress. We report status, not certifications we do not hold, and there are no certification badges on this site. See the Trust Center for the current state of SGEN's security and compliance program, including the WAF, SSL, the consent log, and backups.
Can I migrate my existing clinic site to SGEN?
On SGEN, migration is a rebuild, not an import, the platform does not lift a live site over as-is. Two paths exist: a white-glove rebuild (we rebuild your site on SGEN) or a DIY rebuild (your team reconstructs it with the SG Builder and templates). For a regulated site this is often the cleaner path, you start on a platform where the careful parts are native rather than carrying a stack across. Contact us for white-glove pricing.
For healthcare · pricing fit

The defensible posture is free on every plan

You do not buy a premium tier to get a defensible posture. The WAF and security patching (via the Foundation Pack), the consent records, the action log, and the accessibility menu are part of the platform on every plan, including the free Sandbox. You pick a plan by how many live sites you run, not by which posture features you want unlocked.

Sandbox Build and stand up the posture $0 Unlimited staging sites with the WAF, consent log, action log, and accessibility menu, free.
Scale For a multi-location group $297/mo 10 live sites, with consent records, the action log, the WAF, and the accessibility menu on each.

SGEN is HIPAA compliant for healthcare on every plan: it runs on a single secure database with data protection and does not host your patients' records or PHI, so the PHI stays under the clinic's control. For specific regulatory requirements, including HITECH or state-level health-data laws, talk to sales, and your counsel should confirm what your situation requires.

For healthcare

Put a defensible posture under your clinic site.

A platform WAF, central patching, per-visitor consent records, the action log, and a four-preference accessibility menu, part of the platform on every plan, even the free Sandbox. HIPAA compliant for healthcare, because SGEN does not host your patients' records or PHI. Pick a plan by site count.

From $39/mo, billed annually. $47 monthly. 2-week trial, cancel anytime. Every module included.