Data Privacy & Security at HealthX

End-to-End Data Encryption – AES-256 encryption for stored data and TLS 1.2+ for secure data transmission.

Secure Authentication & Access Control – Role-based access, multi-factor authentication (2FA), and strict PHI (Protected Health Information) security.

Audit Logging & Monitoring – Continuous tracking of data access, modification, and activity logs.

Business Associate Agreements (BAA) – We only use HIPAA-compliant third-party services (AWS, Google Cloud, Azure).

Data Retention & Secure Deletion – User data is stored securely and can be permanently deleted upon request.

User Data Control – Users can access, update, or request deletion of their personal data anytime.

Explicit Consent & Transparency – We collect and process data only with clear user consent.

Right to Be Forgotten & Data Portability – Users can request a complete data export or permanent deletion.

Anonymization & Pseudonymization – Personally identifiable data is securely masked where necessary.

72-Hour Data Breach Notification – If a data breach occurs, users and authorities are notified within 72 hours, per GDPR requirements.