Security

Healthcare-grade security, by design

Clinics trust us with their most sensitive data. Here's how we protect it.

Security pillars

Encryption in transit and at rest

All traffic is TLS 1.2+; databases and backups are encrypted at rest, and sensitive fields — national IDs, contact details, and clinical notes — are individually encrypted.

Daily encrypted backups

Automatic daily backups with retention and disaster-recovery procedures.

Role-based access control

Seven built-in roles plus custom profiles with fine-grained, scoped permissions.

Audit logs

Sensitive actions are logged with actor, target, and timestamp for review.

Compliance-ready

ZATCA Phase 2 (Saudi Arabia) and ETA e-receipt (Egypt) e-invoicing built in.

Data residency

Cloud infrastructure in the region. Private-cloud and on-prem options for Enterprise.

Operational practices

  • Least-privilege access for engineering
  • Peer code review on every change
  • Secrets kept in a managed vault, never in code
  • Defined incident response and notification process
  • Regular dependency and platform security updates

Need more detail?

Enterprise customers can request our security questionnaire and data-processing agreement.

Contact us