Security Policy

Last Updated: October 20, 2025 | Version 2.1

Security-by-design for medical communication assistance.

Architecture Overview

Managed Deployment

Full-service deployment with our infrastructure

  • Control Plane (Our Cloud): Auth, config, metrics
  • Data Plane (Our Cloud): AI generation, retrieval
  • Customer Integration: Widget embed via CDN

VPC Deployment

Customer-controlled infrastructure with our platform

  • Control Plane (Our Cloud): Auth, config, metrics only
  • Data Plane (Customer VPC): All data processing
  • Customer Integration: Private endpoints

Data Encryption

At Rest

  • Algorithm: industry-standard encryption (scope-dependent)
  • Key Management: AWS KMS (managed) or Customer KMS (VPC)
  • Database: encrypted volumes where applicable (environment/scope-dependent)
  • Backups: encrypted where applicable (environment/scope-dependent)

In Transit

  • TLS for all communications (encryption in transit)
  • Certificate Management: automated certificate lifecycle where applicable

Access Control

Authentication

  • Multi-Factor Authentication (MFA) available/required depending on role and deployment
  • Role-Based Access Control (RBAC)
  • API Keys: rotation policy is defined per environment and customer scope
  • Session Management: JWT with short expiry

Monitoring & Auditing

  • Monitoring and alerting where configured (scope-dependent)
  • Audit logs: append-only where applicable; access-controlled
  • SIEM Integration: Export to customer systems
  • Anomaly Detection: monitoring and alerting as configured

Compliance & Certifications

  • GDPR: scope-dependent
  • CCPA: scope-dependent
  • SOC 2: roadmap / customer due diligence
  • ISO 27001: roadmap
  • HIPAA: scope-dependent
  • KVKK-first design

Incident Response

  • Response time: based on incident severity and support plan
  • Customer notification: per contract and applicable law
  • Remediation: containment and corrective actions as appropriate
  • Post-incident: postmortem and evidence as agreed

Security Contact

Security Email

security@medvix.ai

Emergency Contact

Emergency: contact your account owner / clinic IT

Responsible Disclosure

Responsible disclosure: available on request