Questions we actually get asked.

Everything Avera collects stays on the machine running Avera: inside a local SQLite database on your network. No data is transmitted to Avera Systems, no cloud storage exists for compliance records, and the system is fully capable of operating air-gapped. Your evidence never leaves your premises.

No. Avera performs no outbound telemetry, sends no compliance data externally, and has no backend service capable of accessing your records. The passive discovery it performs is entirely contained within your local network. Avera sees your devices. Avera Systems does not.

Avera uses four standard protocols your network already speaks: ARP (how devices identify themselves at the hardware level), mDNS (how printers and Apple devices advertise services), SSDP (how smart devices announce themselves), and NetBIOS (how Windows machines share names). It does not use nmap or any external scanning tool. The primary method, ARP, is identical to what your router does continuously. Once a device is found, Avera checks 20 common ports to understand the device type. No application-layer probes are sent. Printers won't print. No device takes action as a result of discovery.

Avera's evidence ledger is append-only and SHA-256 hash-chained. Every event is cryptographically linked to the one before it. Database-level triggers reject any attempt to update or delete a ledger record. Chain integrity is verified at startup and on demand. If the chain is broken, Avera reports it.

No. Avera is an inventory and compliance evidence tool, not a security scanner. It identifies what devices are on the network and maintains a defensible record of their presence and authorization. It does not probe for vulnerabilities, test credentials, or perform any action that modifies device state.

Access is controlled by role-based authentication local to the Avera installation. WebAuthn is used for authentication. No external party, including Avera Systems, has access to your compliance records. The system supports Admin, Technician, Viewer, and Security roles with differentiated permissions.

Avera is designed for this. Because it operates entirely on-premise, it continues functioning without any internet connection. Discovery, evidence logging, and record generation all operate locally. The compliance record does not depend on external connectivity.

No. Avera is a compliance system of record: it sits alongside your existing tools, not in place of them. RMMs handle patch management and remote access. Security tools handle threat detection. Avera handles the evidentiary layer: continuous device identity, approval workflows, and defensible historical records that neither category of tool was built to maintain.

No. Avera does not access, read, or transmit any patient or clinical data. It observes devices on the network at the network level: which devices are present, when they connected, and whether they were authorized. Your EHR, practice management system, and patient records remain completely separate.

Access is controlled by roles you configure locally. Admin, Technician, Viewer, and Security roles have different permissions. No external party, including Avera Systems, has access. You decide who sees what.

Your data stays on your network. Avera runs on-premise. If you change IT providers, your compliance records remain with you. There is no cloud lock-in. As the practice owner, you hold the Authority role. You can revoke your IT team's access instantly from your own dashboard: no calls, no waiting, no dependency on them to do it for you. The new IT team can take over management of the same installation.

Most IT tools track devices for maintenance: patching, remote access, uptime. Avera tracks them for compliance. It creates a defensible record of what was on your network, when it was authorized, and who approved it. That record is what HIPAA auditors and cyber insurers ask for. The two serve different purposes.

No. Avera uses passive discovery: it listens to the same traffic your router already processes. It does not perform active scans that could impact network performance. The protocols it uses (ARP, mDNS, SSDP, NetBIOS) are standard and lightweight.