Security & Privacy

Last updated: January 28, 2026

1. Overview

At PraxiVantage, security isn't a feature — it's the foundation everything else is built on.

Your patients trust you with their most sensitive information. We take that responsibility seriously. This page explains how we protect your data and your patients' data.

2. Data Encryption in Transit

All data transmitted between your devices and our servers is encrypted using TLS 1.3 — the same security that protects your online banking.

This means that even if someone intercepts the data during transmission, they cannot read it. Every message, every appointment, every patient record is protected.

3. Data Encryption at Rest

Patient data is encrypted using AES-256 encryption — the gold standard used by governments and financial institutions worldwide.

AES-256 is considered unbreakable with current technology. Even if someone gained physical access to our servers, they could not read your data without the encryption keys, which are stored separately and rotated regularly.

4. Data Residency

Your data stays in India.

All patient information is stored on AWS servers in Mumbai. Your data never leaves Indian soil — ever. This ensures compliance with data localization requirements and keeps your patients' information under Indian jurisdiction.

We have no servers outside India. We do not replicate data to international locations. Your data is protected by Indian law.

5. Access Controls

Role-based access: Only you and staff you authorize can access patient data. Each user has specific permissions based on their role.

Two-factor authentication: Available for all accounts. We strongly recommend enabling this for additional security.

Full audit trail: See who accessed what, when. Every action is logged and available for review.

Session management: Automatic logout after inactivity. Device tracking so you know where your account is being accessed from.

6. Compliance Frameworks

We design our systems to meet or exceed these standards:

HIPAA Compliant: We follow the same privacy standards that American hospitals must follow. This includes administrative, physical, and technical safeguards for protected health information.

DPDP Act 2023 Ready: We have been fully compliant with India's Digital Personal Data Protection Act since before it even took effect. See our dedicated DPDP Compliance page for details.

GDPR Compliant: We meet privacy standards trusted by European regulators, including data subject rights and breach notification requirements.

MCI Guidelines Compliant: Our AI follows Medical Council of India telemedicine guidelines, ensuring appropriate boundaries for AI in healthcare.

Note: HIPAA and GDPR are self-attestation frameworks. We follow their requirements rigorously. Third-party audited certifications such as ISO 27001 and SOC 2 are on our roadmap, and we plan to obtain them as we scale.

7. What Our AI Does NOT Do

Our AI receptionist Jia has clear boundaries:

Never provides medical advice or diagnosis. Jia will not tell patients what's wrong with them or suggest treatments.

Never makes clinical decisions. All medical decisions remain with you, the doctor.

Never accesses information beyond what's needed for scheduling. Jia only sees appointment-related data.

Never shares data with third parties. Patient information stays private.

What Jia DOES do: Books, reschedules, and cancels appointments. Answers questions about clinic timings and location. Sends appointment reminders. Escalates emergencies immediately (directs to 112 or your emergency line).

8. Our Commitments

Zero Data Selling: We will NEVER sell, share, or monetize your patient data. This is not just a policy — it's a promise.

Data Portability: Export all your data in standard formats within 24 hours. No questions asked.

Right to Deletion: Request deletion of your data anytime. We will remove it from all our systems.

Breach Notification: If any security incident occurs that affects your data, we will notify you immediately — not when legally required, but immediately.

9. Infrastructure

PraxiVantage runs on AWS (Amazon Web Services), the same cloud infrastructure trusted by Netflix, NASA, Airbnb, and major banks.

AWS Mumbai provides multiple layers of physical security, including biometric access controls, 24/7 surveillance, and redundant power systems.

We use a multi-layered architecture with firewalls, intrusion detection systems, and regular security audits.

10. Questions?

If you have security questions or concerns, contact us:

Email: security@praxivantage.com

We take every security inquiry seriously and will respond within 24 hours.