Trust & Security

Built for healthcare, designed for trust.

Your patient data is protected with enterprise-grade security and full HIPAA compliance.

Requests/IP rate limit: 2,000 (WAF-enforced DDoS protection)
Data retention: 7 years (HIPAA-compliant record keeping)
Point-in-time recovery: 35 days (Database backup window)
Uptime SLA: 99.9% (AWS infrastructure guarantee)
Latency monitoring: <2s (Automated alerting threshold)
Data residency: US Only (All data stays in US regions)

Infrastructure

Our Security Stack

Defense in depth: multiple layers of security protecting your data at every level.

Edge Protection

AWS WAF with managed rule sets
DDoS mitigation (AWS Shield)
Rate limiting per IP address
XSS & SQL injection blocking

Network Security

Private VPC with isolated subnets
VPC Flow Logs for traffic analysis
Security groups with least privilege
TLS 1.2+ on all connections

Data Encryption

AES-256 encryption at rest
AWS KMS managed keys with rotation
TLS 1.3 encryption in transit
Encrypted database connections

Access Control

Firebase Authentication with JWT
Role-based access control (RBAC)
Least-privilege IAM policies
Secrets Manager for credentials

Monitoring & Alerts

CloudWatch security alarms
Unauthorized access detection
High error rate monitoring
Real-time alert notifications

Data Resilience

Point-in-time recovery (35 days)
S3 versioning for audio files
Multi-AZ database deployment
Automated backup retention

Data Handling

How We Handle Your Data

Transparency in how we process, store, and protect your healthcare data.

Audio Processing

Audio is encrypted during upload, processed for transcription, and the original file is deleted after processing completes.

Data Storage

All data is stored in encrypted databases within US-based AWS data centers. Data is logically isolated per organization.

Retention Policies

Configurable data retention with a 7-year default to meet healthcare record-keeping requirements. Adjustable per your needs.

Deletion on Request

Request data deletion at any time. All associated data is permanently removed within 30 days of your request.

Data Portability

Export your data in standard formats at any time. Your data belongs to you.

No AI Training on Your Data

We do NOT train AI models on your patient data. Your clinical information is never used to improve our models or shared with third parties.

Your Data, Your Control

We do NOT train AI on your patient data. Your clinical information is used only to provide you with software services; it is never used for model training or shared with third parties.

FAQ

Frequently Asked Questions

Common questions about our security and compliance practices.

Status

System Status

All Systems Operational

Web Application: Operational
Voice Agent API: Operational
AI Processing: Operational
Database: Operational
Authentication: Operational

Last updated: Mar 6, 2026, 08:11 PM

Get Started

Have security questions? We have answers.

Our team is here to answer any security or compliance questions. Schedule a call or reach out directly.