Security & Compliance

Protecting your data is our top priority. SwiftHx is built with security and privacy at its core.

Security Features

Our comprehensive security approach protects your data at every level.

End-to-End Encryption

All data in transit and at rest is protected with enterprise-grade encryption. We use AES-256 encryption and TLS 1.3 for all communications.

Secure Infrastructure

Our infrastructure is built on Google Firebase, which is hosted on Google Cloud Platform. While Google Cloud maintains various certifications including ISO 27001, SOC 2, and PCI DSS, our specific implementation is currently working towards its own compliance certifications.

Role-Based Access Controls

Fine-grained permission systems ensure users can only access the data they need. Administrators can configure roles and permissions to match organizational requirements.

Regular Security Audits

Our systems undergo regular security audits and penetration testing by independent third parties to identify and address potential vulnerabilities.

Data Minimization

We follow the principle of data minimization, collecting only the data necessary to provide our services. This reduces risk exposure and enhances privacy protection.

Secure Development Lifecycle

Our development team follows secure coding practices and conducts regular code reviews. All code changes undergo security analysis before deployment.

Compliance Roadmap

Our commitment to achieving and maintaining industry-standard certifications.

Certification | Status | Expected Completion | Description
HIPAA Compliance | Planning | In development | We are developing a roadmap to ensure protection of sensitive patient health information in accordance with HIPAA regulations.
SOC 2 Type II | Planning | In development | We are working toward independent verification of our security, availability, processing integrity, confidentiality, and privacy controls.
GDPR Compliance | Planning | In development | We are implementing features to meet European data protection and privacy standards for all individuals within the EU.
ISO 27001 | Future Goal | Long-term roadmap | International standard for information security management systems (ISMS) is on our long-term compliance roadmap.

Data Processing Practices

Transparent and secure handling of your information.

Data Storage

Our data is stored using Firebase Cloud Storage and Firestore, which are built on Google Cloud Platform infrastructure. While we are leveraging Google's secure infrastructure, our specific implementation is still working towards formal SOC 2 certification. Patient data for Australian users is primarily processed in Australian data centers.

Data Retention

We retain data only as long as necessary to provide our services or as required by law. You can request deletion of your data at any time through your account settings.

Access Controls

Access to production systems is strictly limited to essential personnel. All access is logged and monitored, with multi-factor authentication required for all administrative functions.

Incident Response

We maintain a comprehensive incident response plan with defined procedures for identifying, containing, and resolving security incidents. All staff are trained in security protocols.

Have security questions?

Our security team is ready to answer any questions about our security practices and compliance status.

Contact us