Security

Information Security and Data Protection Policy

Ensuring the confidentiality and integrity of medical data is our key priority. We offer flexible data processing models that comply with regulatory requirements and corporate security standards.

Zero-Log Mode (Processing without Saving)

For organizations with increased privacy requirements, we offer Zero-Log mode. In this mode, incoming data is processed in RAM without being saved to disks.

Generation results are stored in a cache with a short time-to-live (TTL) solely to ensure asynchronous response delivery, after which they are permanently deleted. Responsibility for long-term storage of results lies with the client side (HIS/LIS).

More about integration architecture: /b2b/api/.

Data Retention Policy

  • Incoming Data: not saved in Zero-Log mode; in standard mode, stored according to the contract.
  • Processing Results: temporary storage to ensure asynchronous access, then deletion.
  • Metadata: storage of technical logs (without sensitive data) for availability monitoring and billing.

Storage parameters are configured individually within the contract.

Access Control and Audit

We implement a set of organizational and technical protection measures:

  • Role-Based Access Control (RBAC): strict separation of access rights based on roles.
  • Audit Logs: recording of all actions in the system (who, when, what resource was requested).
  • Lifecycle Management: regulated procedures for granting and revoking access.
  • Incident Response: agreed processes for responding to information security incidents.

Threat Model and Countermeasures

We proactively address the following risks:

  • Data Leakage: minimization of stored data, encryption of communication channels (TLS 1.2+).
  • Unauthorized Access: API key authentication, IP address whitelisting.
  • Human Factor: automated checks for personal data in logs.
  • Integration Errors: input data validation, isolated environments (Test/Production).

As part of the pilot, we conduct a joint risk assessment and agree on the data flow scheme.

Compliance and Documentation

For information security departments and legal services, we provide a full package of documents (solution architecture, data processing regulations, contract template).
