Skip to main content
LARCH
Sign up free

Document vault

Encrypted document vault for clinician credentials — organized, audit-logged, ready.

Every credential you hold has a paper trail attached: the license PDF, the DEA renewal receipt, the state CSR card, the CE/CME completion certificate. Larch keeps all of it in one encrypted vault, attached to the credential it belongs to — so renewal day means everything you need is already in one place.

Start uploading — freeRead about security →

What the vault gives you

Storage that matches the stakes.

  • Attached to the credential

    Files don't live in a generic dropbox — they attach to the license, DEA, CSR, or CE/CME entry they document. Renewal day, everything's in one click.

  • Encrypted at rest

    AES-256 encryption on our object store. Files are encrypted before they hit disk and decrypted only on signed-URL request.

  • Signed-URL access

    No public links. Every download URL expires after a short window. No one — not other Larch users, not search engines, not crawlers — sees your files without your active session.

  • Audit log

    Every read and write is timestamped, attributed to a user, and IP-stamped. If you ever need to prove who accessed a credential and when, the log is there.

  • HIPAA-grade posture

    Built on a HIPAA-eligible cloud. BAA available on request. Credential numbers and DEA registrations never appear in our logs in plaintext.

  • Easy export

    Pull all your files and the metadata as a single archive any time. Your data is yours — leaving Larch doesn't mean leaving your documents behind.

Why this matters

Credential data is sensitive. We treat it that way.

Your license number, your DEA registration, your NPI — these are identifiers that bad actors absolutely want. They’re used in fraudulent prescribing, billing schemes, and identity theft against clinicians every year. Larch’s job is to make tracking easier without creating a new place for that data to leak. The vault, the audit log, and the signed-URL access pattern are non-negotiable architecture, not features.

Common questions

What clinicians ask first.

What can I store in the vault?
Anything you'd be furious to lose: license PDFs, DEA renewal receipts, state CSR cards, CE/CME completion transcripts, training certificates, immunization records. Files attach to the credential they belong to, so when renewal day arrives, every supporting document is in one place.
How does the encryption work?
Files are encrypted at rest using AES-256 in our object store. Access happens via signed URLs that expire after a short window — never public links. Every read and write is audit-logged with the timestamp, the user, and the IP. We never share decryption keys with third parties.
Is there a BAA?
Yes. A Business Associate Agreement is available on request for any clinician or covered entity that needs one. Larch is built on a HIPAA-eligible cloud and our handling of credential data follows the standard BAA expectations: encryption, audit log, breach notification, deletion on request.
What happens to my files if I close my account?
You can export everything before closing. After deletion, we keep audit-log entries we're legally required to retain (scrubbed of identifying detail) and remove the underlying files. We don't keep your credential PDFs after you leave.

What else Larch tracks

One platform, every credential.

The PDFs you keep losing? Put them somewhere safe.

Free forever. No credit card. BAA available on request.

Sign up free