Security
Enterprise-grade security protecting your health data at every layer.
Password Protection
- bcrypt hashing with 12 rounds
- Password complexity requirements
- Minimum 8 characters
- Never stored in plain text
Secure Sessions
- HTTP-only cookies
- Secure flag in production
- SameSite protection
- 30-day auto-expiration
- Remote logout capability
Token Management
- One-time use tokens
- Short expiration (5–60 mins)
- Cryptographically secure generation
- Automatic cleanup
- Magic links (15 min expiry)
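The token properties listed above (CSPRNG generation, short expiry, single use, automatic cleanup) fit together in one small store. The following is an added illustration, not code from this product: an in-memory magic-link token store that keeps only a SHA-256 digest of each token, consumes a token on first redemption, and purges expired entries. The 15-minute lifetime follows the page; the class and method names, and the injectable clock used for testing, are assumptions.

```python
import hashlib
import secrets
import time

# Assumed lifetime for magic links, matching the 15-minute figure on the page.
MAGIC_LINK_TTL_SECONDS = 15 * 60


class OneTimeTokenStore:
    """In-memory one-time token store (constructed example, not production code)."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested deterministically
        # digest -> (user_id, expires_at). Only the digest is stored, so a leaked
        # copy of this table cannot be replayed as a valid link.
        self._entries = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id, ttl_seconds=MAGIC_LINK_TTL_SECONDS):
        """Create a token for user_id; the raw token goes into the link only."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._entries[self._digest(token)] = (user_id, self._now() + ttl_seconds)
        return token

    def redeem(self, token):
        """Return the user id if the token is valid, unexpired and unused.

        The entry is removed on every redemption attempt, so a token can only
        ever succeed once, and an expired token is discarded rather than kept.
        """
        self.cleanup()
        entry = self._entries.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._now() > expires_at:
            return None
        return user_id

    def cleanup(self):
        """Drop expired entries; returns how many were removed."""
        now = self._now()
        expired = [d for d, (_, exp) in self._entries.items() if exp < now]
        for d in expired:
            del self._entries[d]
        return len(expired)

    def pending(self):
        """Number of unexpired, unredeemed tokens currently held."""
        return len(self._entries)
```

Looking up by digest rather than by raw token means the database never holds anything that can be pasted into a URL, and the `pop` on every redemption attempt is what enforces single use: a second click on the same link, or a replayed link, finds nothing.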
Data Protection
- Encrypted database connections
- Secure file storage (MinIO)
- Payment data via Razorpay
- Regular backups
- AES-256 encryption at rest
Activity Monitoring
- Comprehensive audit logs
- IP address tracking
- Device identification
- Login history
- Admin action tracking
Access Control
- Role-based permissions
- Hierarchical admin roles
- Plan-based feature access
- Dynamic access lists
- Granular permissions
Security Best Practices
Regular Security Audits
We perform regular security audits and code reviews to identify and fix potential vulnerabilities.
Dependency Updates
We keep all dependencies up to date with the latest security patches and updates.
HTTPS Everywhere
All connections are encrypted using TLS 1.3. We enforce HTTPS in all production environments.
CSRF Protection
Cross-Site Request Forgery protection is implemented for all state-changing operations.
Rate Limiting
Login attempts and API calls are rate-limited to prevent brute force attacks and abuse.
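As an added example of the login rate limiting described above (not code from this product), here is a sliding-window limiter that allows at most a fixed number of attempts per key within a time window. The limit of 5 attempts per 60 seconds, the key format and the class name are assumptions chosen for illustration.

```python
import time
from collections import deque


class LoginRateLimiter:
    """Sliding-window limiter: at most `limit` attempts per `window` seconds per key.

    Constructed example. Keying on both the client IP and the target account
    (see attempt_key) means a single source cannot spray many accounts and a
    single account cannot be hammered from many sources without tripping it.
    """

    def __init__(self, limit=5, window=60.0, now=time.time):
        self.limit = limit
        self.window = window
        self._now = now  # injectable clock for deterministic tests
        self._attempts = {}  # key -> deque of attempt timestamps

    def allow(self, key):
        """Record an attempt for key and return True if it is within the limit."""
        now = self._now()
        q = self._attempts.setdefault(key, deque())
        # Discard attempts that have fallen out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def remaining(self, key):
        """Attempts still available for key in the current window."""
        now = self._now()
        q = self._attempts.get(key, deque())
        live = sum(1 for ts in q if ts > now - self.window)
        return max(self.limit - live, 0)


def attempt_key(client_ip, username):
    """Assumed key format: one bucket per (source, account) pair."""
    return f"{client_ip}|{username.lower()}"
```

When a request is refused the handler should return the same generic failure as a wrong password rather than a distinct message, so the limiter does not itself reveal which accounts exist. The deque is keyed in memory here; a shared store would be needed across several application instances.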
Input Validation
All user inputs are validated and sanitized to prevent injection attacks and XSS vulnerabilities.
Questions about our security?
Our security team is here to help. Contact us for security inquiries or to report vulnerabilities.