Case File

Northwind Health

Healthcare SaaS

Northwind Health is a (fictional) multi-tenant SaaS for patient intake and scheduling. Like every health-tech vendor, it runs into the same four outlaws. Here is how Cloudflare brings each one in.

Fictional company · real Cloudflare demos


Cloudflare AI Search

Snake-Oil Sam

The threat: Every enterprise deal stalls at the security review. Buyers send 200-row questionnaires, and answering them by hand ties up the compliance team for days.

The fix: A grounded trust assistant answers SOC 2, HIPAA, GDPR, and data-residency questions from Northwind’s real documents, with citations, and refuses when the answer is not in the docs.

So what: Cut weeks off every enterprise security review and free the compliance team from questionnaire ping-pong.


Live · Cloudflare AI Search

Ask Northwind Health's trust assistant

A fictional company with a real compliance corpus. The assistant answers from that evidence with citations. When the answer is not in the documents, it declines instead of inventing one.


Answers take ~2-8 seconds (grounded retrieval + a 70B model). Citations show the exact evidence used.



Cloudflare Turnstile

The Toll Collector

The threat: Patients hit a CAPTCHA wall at portal login. Elderly and low-vision patients abandon the login, the puzzles are an ADA risk, and legacy CAPTCHAs quietly feed patient behavior to an ad graph.

The fix: Turnstile verifies patients invisibly. No puzzles, no accessibility wall, and no third-party ad tracking of sensitive behavior.

So what: Keep patients (including elderly and low-vision) flowing through login while staying ADA-defensible.


Cloudflare Workers

The Rustler

The threat: Northwind’s public clinical guides and provider directory get strip-mined by AI crawlers, with no attribution and no control.

The fix: A Worker identifies AI crawlers at the edge and can meter, license, or block them, turning a quiet leak into a policy decision.

So what: Turn uncontrolled scraping of clinical content into a policy you set: attribution, licensing, or a block.


Cloudflare D1

The Two-Faced Drifter

The threat: Northwind serves EU clinics. GDPR and health-data rules demand EU patient data stay in the EU, but most apps cannot actually prove where a record landed.

The fix: Edge logic routes and stores each record in its own jurisdiction (EU patients to Dublin), making residency provable instead of aspirational.

So what: Prove EU patient-data residency to auditors and unblock EU clinic deals.


That's a wrap

Every outlaw, one frontier, all brought in.

Every fix above runs on Cloudflare's platform. Want to see them mapped to your stack?