Data privacy is our priority. We implement a redundant and secure architecture to protect critical clinical information.
We follow digital health industry best practices:
We comply with the Federal Law on Protection of Personal Data Held by Private Parties.
We adopt standard industry guidelines for health data security and privacy.
We apply international principles such as the right to be forgotten and data minimization.
Our internal processes follow controls based on security management standards.
We design our technology with redundancy and data protection at its core.
We align with LFPDPPP (Mexico) for the responsible, ethical, and legal handling of sensitive personal data.
Our infrastructure operates redundantly across AWS and GCP, ensuring high availability and resilience against failures.
We maintain detailed records (logs) of access and modifications to ensure data integrity and traceability.
Advanced technical and organizational measures protecting your information every day.
Your information travels securely via standard protocols (TLS/SSL) and is encrypted at rest.
We generate unalterable, geographically distributed backups (Multi-Cloud) for disaster recovery.
We use Role-Based Access Control (RBAC) to ensure only authorized personnel access data.
We apply software engineering best practices to minimize risks in our code.
All staff are certified by the CITI Program in 'Data or Specimens Only Research' for ethical data handling.
We maintain a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP), with annual recovery drills and impact analysis.
We maintain a formal incident response plan with defined roles, and a post-incident review process to continuously strengthen our controls.
Every critical vendor signs a Data Processing Agreement (DPA) and, where applicable, a HIPAA Business Associate Agreement (BAA), with annual review of their security certifications.