Security & Trust

Your patients trust you with their health—Nemedic protects their data with the same care. Our cloud‑native platform is built for privacy, resilience, and regulatory compliance.


Table of contents

  1. Infrastructure security
  2. Data protection
  3. Business continuity & disaster recovery
  4. Compliance & privacy
  5. Application security
  6. Monitoring & incident response
  7. Organizational security
  8. Contact

Infrastructure security

| Control | Details |
| --- | --- |
| Hosting | U.S.–based, ISO 27001–certified cloud platform with multiple data centers |
| Network isolation | Private sub‑networks, restricted ingress/egress, and jump‑host‑mediated admin access |
| Compute layer | Horizontally scalable application tier distributed across several fault‑isolated zones and protected by a web load balancer |
| Database | Fully managed, auto‑scaling relational database with built‑in encryption and continuous patching |
| Transport security | TLS 1.3 required for all client and service traffic; HSTS enforced |
| Secrets management | Hardware‑backed key management; credentials stored only in encrypted secret stores |

Data protection

| Aspect | How we protect your data |
| --- | --- |
| Encryption in transit | All traffic secured with modern TLS ciphers; legacy versions disabled |
| Encryption at rest | Server‑side AES‑256 encryption using managed hardware security modules |
| Backups | Automated snapshots retained for 30 days and stored in separate fault domains |
| Access controls | Role‑based permissions; no production data on developer devices or portable media |

Business continuity & disaster recovery

| Goal | Commitment |
| --- | --- |
| RPO | ≤ 1 hour |
| RTO | ≤ 4 hours |
| High availability | Workloads distributed across multiple physically isolated zones |
| Snapshot redundancy | Copies stored in independent failure domains; cross‑region replication on roadmap |

Compliance & privacy

| Framework / law | Our posture |
| --- | --- |
| HIPAA | Signed Business Associate Agreements with all covered entities, infrastructure, and AI providers |
| AI usage | Zero‑retention endpoints; neither prompts nor completions are persisted by the provider |
| SOC 2 / ISO 27001 | External attestation program scheduled to begin in 2026 |

Application security

| Layer | Safeguards |
| --- | --- |
| Authentication | Email + password with strong policy |
| Authorization | Fine‑grained role‑based access control throughout the platform |
| Secure development | Pull‑request reviews, CI gates, and automated dependency scanning (roadmap) |
| Pen‑testing | Independent testing planned for 2026 |
| Responsible disclosure | Security researchers can email security@nemedic.com |

Monitoring & incident response

| Topic | Practice |
| --- | --- |
| Observability | Centralized log and metric aggregation with real‑time alerting |
| On‑call | 24 × 7 engineering rotation |
| Incident communications | Affected customers notified directly via email |
| Post‑mortems | Root‑cause analysis shared with impacted customers within 5 business days |

Organizational security

| Area | Measure |
| --- | --- |
| Background checks | All employees screened prior to hire |
| Least privilege | Just‑in‑time access with quarterly reviews |
| Security awareness | Training at onboarding and annually thereafter |

Contact

Questions, concerns, or vulnerability reports?
Email: security@nemedic.com
PGP: coming soon
Response target: We acknowledge all security reports within 2 business days.

Need deeper assurance? Let’s talk.