Making application HIPAA compliant with Plasmic.

Reposting here again from Forum, apologies.
We’re looking to make our application HIPAA compliant, and we’re considering using Plasmic due to its ability to streamline our tech stack.
However, I noticed that even when deploying Plasmic to our own codebase, our application will still communicate with Plasmic’s servers through its headless API.
Is there a way to fully isolate our app so that it doesn’t need to interact with Plasmic servers? Would using CodeGen Do the trick? if so, is there any guide on that, please.
Any guidance would be appreciated!

Hi @early_earthworm! Yes, with codegen all the design code will be in your codebase. You can find the codegen guide here:

I’ve been using Plamsic for a while and have had similiar questions that I’ve put off asking.

It would be great if there was a visual that showed the difference between the loader and codegen as it relates to the plasmic server interaction. If it could also go into detail as it relates to plasmic sync and plasmic auth, that would be wonderful.

I think the technical overview is a good start for compliance purposes and system architecture,Technical%20Overview,-Plasmic%20lets%20non

Also notice, although the design code will all be in your codebase, integrations such as: Plasmic user authentication, dynamic data via Plasmic integrations (Plasmic CMS, Supabase, etc) and hosting images in Plasmic CDN (it’s possible in codegen to export the images instead of hosting it there) will still need to interact with Plasmic servers

if someone builds an app using “loading boundary”, will that necessitate needing to still have sessions w/ the server?

the Loading Boundary component itself won’t issue any requests, but it’s generally used to handle the loading state of dynamic data from Plasmic integrations (like the queries in “Data queries” in the “Page data” tab). In this case, these queries will be fetching data from our servers

ya, thinking if it’d be possible to still use Supabase Auth w/o using the Auth API and leverage the Loading Boundary component to continue to have protected pages

Thank you Victor and Alyssa- and apologies I am just seeing the thread of messages here. adding few more things on my to learn list :sweat_smile: