Security First

Protecting Your Data
with the Highest Global Standards

We use the same level of encryption trusted by governments and major banks — because your health deserves the best.

🔐 AES-256-GCM 🛡️ HIPAA 📋 ISO 27001

Encryption

Military-Grade Encryption

Every byte of your data is encrypted using globally certified standards — both in transit and at rest.

AES-256-GCM

256-bit symmetric encryption — the same level used by the U.S. government

TLS 1.3

Advanced transport encryption with Forward Secrecy

End-to-End

Encryption from the user's device until data reaches the authorized recipient

Tier A: 11 Fields

Most sensitive fields encrypted with a per-user individual key

The same level as global banks and government agencies

Standards

Compliant with the Best Standards

We adhere to the highest global and local industry standards to protect your data.

HIPAA

U.S. healthcare data protection standards

GDPR-aware

Following the European data protection regulation principles

Iraqi Ministry of Health

Compliant with Iraqi Ministry of Health regulations

ISO 27001

Information security management standard (in process)

Audit Logs

Every Action Logged

Comprehensive, tamper-proof logs for every read and write of your data.

audit.log

Who: Dr. Mohammed Ali
When: 2026/04/30 14:22
Where: Baghdad, Karada
What: Viewed patient profile — Consultation

Tamper-proof — blockchain-style integrity

Access Control

Permissions Defined Precisely

Three-level RBAC system with extra protection layers.

Patient

Full access to their own data with sharing controls

Healthcare Provider

Conditional access based on patient permission and need

Administrator

Technical management only — no medical data visibility

Two-factor authentication for every account
Active session management with notifications
Automatic logout on idle

Your Privacy

Your Data Is Not a Product

Four firm commitments we never compromise on.

We Don't Sell Your Data

Not to insurers, not to research, not to any third party

We Don't Track You

No tracking cookies, no fingerprinting, no invasive analytics

No Advertising

Your health is not an ad platform — the app is completely clean

Right to Delete

Delete your account and all data anytime — permanently

Incident Response

A Professional Response Plan

Four organized steps for any potential security incident.

01

Detect

24/7 automated monitoring with instant alerts on any anomaly

02

Contain

Isolate affected systems and protect remaining data immediately

03

Notify

Inform affected users within 72 hours

04

Improve

Post-incident analysis and defense improvements

Read More
About Our Policies

For full legal details, review our Privacy Policy and Terms of Service.