Clinical-grade trust, non-negotiable.
Patient data is the most sensitive cargo a software platform can carry. This page is the long version of how we treat it: what we do by default, what we audit, and what we will never compromise on.
Six pillars, all on by default.
These are not features you opt into. They are the floor, applied to every tenant the moment they are provisioned.
Tenant isolation
Every hospital, blood bank, and NGO network is provisioned as a logically isolated tenant. Data, branding, policies, and user identities never cross tenant boundaries. Cross-tenant queries are prevented at the database, application, and API layers.
Encryption
TLS 1.3 in transit. AES-256 at rest for databases and object storage. Document and image URLs are short-lived and signed. Secrets live in a managed vault, not in code or environment files.
Identity and access
Five built-in roles (super admin, org admin, doctor, staff, patient) with fine-grained permission scopes. Multi-factor authentication is supported for all clinical roles. Sessions expire on inactivity and on role change.
Audit logging
Every clinically significant action is recorded with actor, timestamp, IP, and payload diff. Logs are append-only, exportable, and tamper-evident. Admins can replay any patient timeline as it appeared on a specific date.
Hosting and residency
All production data is hosted in India. We use managed cloud regions with SOC 2 / ISO 27001 attestations. Daily encrypted backups with point-in-time recovery. Disaster recovery is rehearsed, not assumed.
Operational hygiene
Least-privilege production access. All deploys go through code review and CI checks. Dependency vulnerabilities are scanned continuously and patched on a defined SLA. Engineering on-call is documented and tested.
The frameworks we map to.
We do not claim certifications we do not hold. The list below describes the frameworks our architecture and operations are aligned to and the ones we are actively pursuing formal attestation for.
ABDM aligned
Architecture follows the National Digital Health Mission framework, including ABHA-linked patient identity and FHIR-compatible records.
DPDP Act ready
Data principal rights, consent management, and breach reporting are first-class workflows, not bolt-ons.
NABH compatible
Workflows and forms map cleanly to NABH transfusion and patient safety standards.
ISO 27001 controls
We follow ISO 27001 control families across information security, vendor management, and incident response.
HIPAA-grade
While Indian law governs us, we apply the technical safeguards expected under US HIPAA so that international partners are covered.
What you can expect from us.
Data export
Tenants can export the full record of their patients in machine-readable formats at any time. No retention games.
Deletion
Patient removal flows through a 30-day soft-delete window with an audit trail; the record is then hard-deleted, purged from primary and replica storage.
Vendor review
Every subprocessor we use is reviewed annually. The current list is published and dated.
Pen testing
Independent third-party penetration tests are scheduled annually with summary letters available under NDA.
Found something? Tell us.
We welcome reports from security researchers and clinicians. Email security@rudhiraksh.in with a description, reproduction steps, and any impact you have observed. We acknowledge within one business day, triage within five, and we do not pursue researchers acting in good faith.