Click Therapeutics builds FDA-regulated software as medical treatment, shipping prescription apps to patients' smartphones. Since 2012, the 130-person company has navigated the regulatory gauntlet to clear CT-152 (Rejoyn™) - the first FDA-cleared prescription app for adjunctive Major Depressive Disorder - and advanced CT-132 through a successful pivotal trial for episodic migraine. The threat model here isn't traditional adversaries; it's patient safety, data integrity under FDA scrutiny, and the operational reality of deploying medical-grade software at scale. Mobile delivery means the attack surface lives in patients' hands, clinical data flows continuously, and every build touches PHI across four U.S. offices.
The security architecture runs AES-256 encryption at rest and TLS 1.3 in transit, protecting data pipelines that feed AI and machine learning systems personalizing cognitive and behavioral interventions. API design connects clinical trial infrastructure, partner integrations with Otsuka Pharmaceutical and Boehringer Ingelheim, and the therapeutic delivery layer itself. The technical stack spans mobile app development, data analytics, and neuromodulatory software - domains where a breach doesn't just leak records, it undermines patient outcomes and regulatory standing. Operating across psychiatry, neurology, oncology, immunology, and cardiometabolic disease programs means securing diverse therapeutic workflows under a single compliance framework.
The team operates at the intersection of software engineering, neuroscience, and FDA regulatory processes - building software that must clear clinical trials, maintain 21 CFR Part 11 compliance, and scale as prescription volume grows. Security here is foundational infrastructure, not bolt-on controls: the product is the treatment, and the data is the clinical evidence base.
