Security

Security overview

Effective date: May 7, 2026

Medirove is designed to handle sensitive family health records. This page summarizes the safeguards we aim to maintain as the product moves toward public launch.

Core safeguards

• HTTPS for app and website traffic.
• Encryption at rest for supported databases, storage, backups, and logs.
• Secure handling of session and mobile bearer tokens.
• Role-based and least-privilege access for production systems.
• Admin MFA for production, cloud, database, and support access.
• Audit logging for report access, upload, download, summary generation, deletion, and admin actions.
• File upload restrictions for supported report types and size limits.
• Health-content exclusions for analytics, ads, crash reports, and routine emails.

Staff access

Staff access to patient records should be limited to support requested by the user, security investigation, legal/compliance obligations, or approved production incident debugging. Access should be logged and reviewed.

AI safeguards

AI providers should process report data only for Medirove's feature purposes. Medirove should not allow general model training on patient data unless that future use is clearly disclosed, consented to, and reviewed.

Incident response

If Medirove identifies a security incident involving personal or health data, we will investigate, contain the issue, assess affected data, notify appropriate contacts where required, and take steps to reduce recurrence. Certain cyber incidents or personal data breaches may require regulator or CERT-In reporting.

Contact

Security or privacy concerns can be sent to CUES SIMPLIFY IT SERVICES PRIVATE LIMITED at anil@csimplifyit.com or by mail at Innov8 UCP, 9th Floor, Tower D, Unitech Cyber Park, Sector 39, Gurugram, Haryana - 122001, India.