Security

  • Cyber Security

    Cyber Security

    We implement proactive measures to defend against cyber threats and protect application and user-level integrity.
    • OWASP top 10 mitigation
    • Regular penetration testing by third party
    • Audit logging & real-time monitoring
  • Encryption

    Encryption

    All data is protected with industry-standard encryption both at rest and in transit. Sensitive personal information receives additional encryption layers to ensure maximum protection.
    • AES-256 encryption at rest
    • TLS 1.3 for all data in transit
    • Application-level encryption for sensitive PII
  • Cloud Security

    Cloud Security

    Our infrastructure is hosted on trusted cloud providers with enterprise-grade security, availability, and resilience.
    • SOC 2 & ISO 27001 certified data center
    • Regular vulnerability scans on cloud assets
    • Access control policies (IAM, RBAC)

Compliance

We are committed to maintaining the highest standards of compliance through continuous improvement and proactive security measures.

  • Global Regulatory Alignment

    Global Regulatory Alignment

    We adhere to major international data protection laws and implement region-specific compliance measures.
    • GDPR - EU data protection and transfer rules
    • CCPA/CPRA - California consumer privacy and opt-out rights
    • Japan APPI - Personal data use and export control
    • Other Regions - Regional privacy laws and compliance support
  • Certified Security Frameworks

    Certified Security Frameworks

    We are certified against widely recognized security and privacy frameworks.
    • SOC 2 Type II certified for security controls
    • HIPAA compliance for personal health data
    • Third-party penetration tests conducted regularly
    • Annual security training completed by all staff
  • Privacy Protection

    Privacy Protection

    Privacy is embedded in our product design and dailyoperations, ensuring responsible data handling at every stage.
    • Data and access strictly minimized by design
    • DSAR (Data Subject Access Request) supported
    • Role-based access to personal data
    • Privacy by Design & Default
  • Continuous Compliance

    Continuous Compliance

    Our compliance is not a one-time milestone - it's a living program sustained through monitoring, training, and updates.
    • Continuous monitoring and regular compliance audits
    • Adapting to new regulations and emerging threats
    • Regular incident response drills and playbook updates
    • Ongoing data governance and privacy impact assessments

Frameworks

We adhere to global regulatory standards and security frameworks.

  • SOC 2 Type II

    SOC 2 Type II

    Annual audit covering security, availability, and confidentiality trust principles.
    statusObtained
  • HIPAA

    HIPAA

    Compliance with healthcare data protection standards for PHI.
    statusObtained
  • GDPR

    GDPR

    Full compliance with EU data protection regulations.
    statusObtained
  • EN 18031

    EN 18031

    Compliant with European cybersecurity standards for secure wireless communication.
    statusObtained
  • ISO/IEC 27001:2022

    ISO/IEC 27001:2022

    International standard for information security management.
    statusObtained
  • ISO/IEC 27701:2019

    ISO/IEC 27701:2019

    International standard for information security management.
    statusObtained