Security

Your data is safe with us

Patient health data is among the most sensitive data in existence. We treat it that way — with enterprise-grade security built into every layer of LevelsHMS.

Encryption

All data encrypted at rest using AES-256. All data in transit protected by TLS 1.3. Encryption keys managed via AWS KMS with automatic rotation.

India data residency

All data stored exclusively in AWS ap-south-1 (Mumbai) region. Your patient data never leaves India, in compliance with DPDP Act requirements.

Access control

Role-based access control (RBAC) with granular permissions per module. Every action is logged. Multi-factor authentication available for all accounts.

Backups & recovery

Automated daily backups with 30-day retention. Point-in-time recovery available. Disaster recovery tested quarterly with RTO < 4 hours.

Audit logging

Complete audit trail of every data access, modification, and export. Logs are immutable and retained for 7 years to meet healthcare regulatory requirements.

ABDM security

ABDM data exchange follows NHA security guidelines. Patient consent is mandatory for all health data access. No data is retained beyond authorised use.

Certifications & compliance

ABDM Health Repository Provider certified

Hosted on ISO 27001 certified AWS infrastructure

Annual third-party penetration testing

DPDP Act compliant data processing

99.9% uptime SLA

SOC 2 Type II (in progress)

Responsible disclosure

If you discover a security vulnerability in LevelsHMS, please report it responsibly to our security team. We appreciate the efforts of security researchers and will acknowledge all valid reports.

Contact: security@levelshms.in