Healthcare-grade architecture, by default.
Mediora Labs is engineered for clinical environments. Security, privacy, and operational reliability are foundational requirements — not premium features behind an enterprise tier.
Encryption everywhere
TLS 1.3 in transit and AES-256 at rest. Encryption keys are rotated on a fixed schedule and stored in HSM-backed key management.
Single-tenant data isolation
Clinic data is logically isolated by default. A dedicated database per clinic is available for sensitive deployments.
Least-privilege access
Role-based access with single sign-on and enforced two-factor authentication. Production access requires named approval and is fully logged.
HIPAA & GDPR aligned operations
Business Associate Agreements available. Documented policies for data handling, retention, breach response, and subprocessor review.
Full audit trail
Every patient-facing event is captured in an immutable audit log, available for export on demand by clinic administrators.
Continuous review
Quarterly penetration testing, automated dependency scanning, and a formal change-management process for all production releases.
Operational standards
The same rigor we apply to code, we apply to operations. Below are the commitments built into every clinic deployment.
- Uptime SLA: 99.95%
- RPO: ≤ 5 min
- RTO: ≤ 60 min
- Backups: Hourly · 30d
- Region: Customer-chosen
- Subprocessors: Reviewed quarterly
Need a security review?
We share documentation, BAAs, and architecture diagrams under NDA. Most reviews complete within a week.
