Data Security

1. Encryption and Transmission

All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security). We also encrypt sensitive medical data at rest using advanced encryption algorithms such as AES-256 to ensure robust protection against data breaches.

2. Access Controls

• Authentication is required for all access to personal health records.
• We enforce strong password policies and optional two-factor authentication.
• Role-based access controls limit internal system access strictly on a "need-to-know" basis.

3. Continuous Monitoring

We continuously monitor our infrastructure for potential vulnerabilities. Security audits and routine vulnerability scanning ensure that our platform remains resilient against emerging threats. Unusual access patterns or activity automatically trigger alerts to our security response team.

4. Partner Compliance

All healthcare partners that connect with HealthSetu's APIs undergo rigorous security evaluations. Third-party integrations are secured using API keys and standard OAuth tokens, and we strictly enforce secure data handoffs.

5. Incident Response

In the unlikely event of a security incident, HealthSetu has a documented Incident Response Plan designed to swiftly identify, mitigate, and remediate issues. We commit to prompt and transparent communication with affected users in accordance with applicable laws.