Data Security Policy
Technical and organizational measures to protect healthcare and personal data.
HealthSurya Healthcare Platform · Last updated: 2026-05-31
1. Commitment
HealthSurya implements security controls appropriate for a healthcare platform handling personal and sensitive health-related information.
2. Encryption
Data in transit is protected using TLS/SSL (HTTPS). Database and file storage use encryption at rest via our cloud providers. Prescription and verification documents are stored in access-controlled buckets.
3. Access control
Role-based access (patient, doctor, lab, admin) is enforced through Row Level Security and server-side authorization. Administrative access is limited to verified staff on a need-to-know basis.
4. Monitoring & audit
We maintain audit logs for verification decisions, admin actions, and security events. Anomalies are investigated and remediated.
5. Backups
Regular automated backups support disaster recovery. Backup retention follows our internal schedule and provider capabilities.
6. Incident response
Suspected breaches are contained, investigated, and reported to affected users and regulators as required by law.
7. User responsibilities
Use strong passwords, log out on shared devices, and do not upload malware or patient records belonging to others without authorization.
Questions? Contact support@healthsurya.com. This document does not constitute legal advice.
