Security & Data Protection
Security and patient confidentiality are our highest priorities. Our platform is built on modern cryptography and secure infrastructure to protect sensitive communication in healthcare environments. From private messages to clinical collaboration, your data is protected by end-to-end encryption powered by the Matrix protocol
End-to-End Encryption
All messages, files, voice notes and attachments are encrypted on your device before they leave your network and can only be decrypted by their intended recipients.
No one else can access your data - not even us
Protects against server breaches and unauthorized access
Based on proven cryptography (Curve25519, AES-256, HMAC-SHA256)
Zero-Access Architecture
We cannot read your data, by design.
Feature | |
|---|---|
End-to-End Encryption | Enabled by default in all department rooms |
Private Key Ownership | Encryption keys are stored only on your verified devices |
Zero Knowledge | We never have access to patient or team communication content |
Healthcare-Grade Security
Designed for healthcare teams and sensitive environments.
Compliance Support | Description |
|---|---|
GDPR Ready | Full data control and export options |
HIPAA Alignment | Secure communication features for PHI |
Data Residency Control | Choose where your data is stored |
Identity Verification & Access Control
Cross-signing prevents impersonation attacks
Device verification ensures message authenticity
Secure session management
Encrypted key backups for continuity
Infrastructure Security
Protection Layer | Features |
|---|---|
Secure Hosting | ISO 27001 data centers |
TLS Encryption | Enforced in-transit encryption |
DDoS Mitigation | Automated network protection |
Firewall Enforcement | Strict access policies |
Role-Based Access | Admin and clinical access roles |
Privacy by Design
We collect the minimum metadata required to operate the service. Your conversations, attachments, and clinical data are never used for analytics, advertising, or AI model training.
We do not:
Sell or share your data
Access your encrypted messages
Track clinical communication content
Independent & Open Security
Security should be transparent. That’s why our messaging layer is powered by Matrix, an open standard reviewed by independent researchers and trusted by:
The UK Government
Gematik (Germany’s national healthcare network)
US Department of Defense
Mozilla, Automattic, Thales
Human Safety Controls
Admin control over rooms and access
Audit logs for compliance and accountability
Full data retention control
Device revocation if lost/stolen
Message retention policies
Responsible Disclosure
We operate a responsible security disclosure policy. If you discover a vulnerability, please contact our security team through our contact us page.
