Security

Clinvo Health treats patient data as the most sensitive information we handle. This page is an honest, evolving summary of our security posture. A detailed security whitepaper is in preparation and will be linked here once published.

Data at rest: AES-256-GCM encryption across databases, object storage, and backups.

Data in transit: TLS 1.3 for all client-server and service-to-service traffic.

Data residency: Primary infrastructure is hosted in AWS Mumbai (ap-south-1). Patient data does not leave India except where a Data Principal has explicitly consented to cross-border AI inference (see the Privacy Policy).

Access control: Role-based access control with least-privilege defaults, multi-factor authentication for all staff accounts, and audit logging on every clinical-data access.

Tenant isolation: Each clinic's records are logically isolated with separate encryption keys and row-level scoping enforced at the API layer.

Incident response: A documented incident response plan with a 72-hour breach-notification commitment under DPDPA 2023.

For specific security questions or to report a vulnerability, please email [email protected].