Security and compliance
Built for data people lose sleep over
Biometrics, IDs, visit logs, clinical events — at institutional scale. Encryption, strict access, immutable audit trails, and regional deployment aren't add-ons. They're the baseline.
Encryption and data protection
- TLS 1.2+ for all data in transit between clients, APIs, and platform services.
- AES-256 encryption for data at rest in production databases and object storage.
- Secrets and keys managed through environment-isolated configuration — not embedded in application code.
Access control and identity
- Role-based access control (RBAC) with institution-scoped permissions.
- Multi-factor authentication available for administrative and high-privilege roles.
- Session management with automatic expiry and re-authentication for sensitive operations.
Auditability and monitoring
- Immutable audit trails for identity verification, encounter events, and administrative actions.
- Continuous security monitoring with alerting on anomalous access patterns.
- Regulator and program-integrity query interfaces with scoped, read-only access.
Data residency and compliance
- Production workloads deployed in region-appropriate cloud infrastructure (Africa-first deployment strategy).
- NDPR-aligned data handling for Nigerian deployments; Kenya DPA considerations for East Africa operations.
- HIPAA-ready control framework for institutions requiring US-aligned safeguards.
- Business Associate Agreement (BAA) available on request for covered entities.
AES-256
Encryption at rest
TLS 1.2+
Encryption in transit
RBAC + MFA
Access model
NDPR / HIPAA-ready
Regulatory posture