Security Policy

AES-256 Encryption

TLS 1.3

2FA Available

Encryption Standards

  • Data at Rest: All health records encrypted with AES-256
  • Data in Transit: TLS 1.3 encryption for all data transfers
  • End-to-End Encryption: Optional for sensitive documents

Access Control

  • Multi-factor authentication (MFA/2FA) available
  • Biometric login support (fingerprint, Face ID)
  • Session management and automatic logout
  • IP-based access alerts

Security Certifications

  • SOC 2 Type II certified
  • HIPAA compliant (where applicable)
  • GDPR compliant
  • Regular third-party security audits

Data Backup & Recovery

  • Automated daily backups
  • Geographically redundant storage
  • 99.9% uptime SLA
  • Disaster recovery plan tested quarterly

What We DON'T Do

  • We never sell your data
  • We don't store passwords in plain text
  • No third-party access without consent
  • No unnecessary data collection

Security Recommendations for Users

  • Enable two-factor authentication
  • Use strong, unique passwords
  • Keep your device and app updated
  • Log out from shared devices
  • Report suspicious activity immediately

Reporting Vulnerabilities

If you discover a security vulnerability, please contact our security team:

Email: security@healthvault.com

We offer bug bounties for verified vulnerabilities.