Enterprise security you can trust
Kshemetrix is built on a security-by-design foundation. Every layer of the platform is engineered to protect your most sensitive data with industry-leading standards.
Overview
Security is not a feature. It is our foundation.
Health and wellbeing data is among the most sensitive information in the world. We treat every piece of data with the highest level of care, applying defense-in-depth principles across infrastructure, application, and operational layers.
Encryption Everywhere
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database columns containing PHI or PII use application-level encryption with customer-managed keys.
Access Control
Granular role-based access control (RBAC) with predefined roles and custom role builder. Attribute-based access control (ABAC) for field-level permissions. Support for SSO via SAML 2.0 and OIDC.
Audit Logging
Immutable audit trail records every user action, API call, and system event with timestamps, IP addresses, and user context. Logs are retained for 7 years and exportable to external SIEM systems.
Penetration Testing
Annual third-party penetration tests conducted by certified security firms. Continuous vulnerability scanning with automated remediation workflows. Bug bounty program for responsible disclosure.
Network Security
Web Application Firewall (WAF), DDoS protection, and rate limiting on all endpoints. Private VPC deployment with network segmentation. Mutual TLS (mTLS) for service-to-service communication.
Authentication
Multi-factor authentication (MFA) enforced for all admin accounts. Support for hardware security keys (FIDO2/WebAuthn), TOTP, and SMS-based verification. Session management with configurable timeouts.
Compliance
Certified and audited to the highest standards
We maintain active certifications and undergo regular independent audits to ensure continuous compliance.
SOC 2 Type II
Certified. Annual audit by independent third-party assessor covering security, availability, and confidentiality trust service criteria.
ISO 27001
Certified. International standard for information security management systems (ISMS) with comprehensive controls framework.
GDPR
Compliant. Full compliance with the EU General Data Protection Regulation including data processing agreements, consent management, and right-to-erasure.
HIPAA
Compliant. Health Insurance Portability and Accountability Act compliance with Business Associate Agreements (BAAs) for all enterprise customers.
Privacy
Privacy by default, not by afterthought
Our privacy framework is designed to meet the strictest global regulations while giving your users full control over their personal data.
Consent Management
Built-in consent management framework that tracks user consent for data collection, processing, and sharing. Granular consent options per data category with full audit trail.
Data Minimization
Collect only the data necessary for each feature. Automated data retention policies with configurable expiration periods and secure deletion workflows.
Right to Erasure
Automated workflows for processing data deletion requests in compliance with GDPR Article 17. Complete data removal across all systems including backups within the mandated timeframe.
Privacy Impact Assessments
Regular Data Protection Impact Assessments (DPIAs) for new features and data processing activities. Published processing records available upon request.
Data Residency
Your data stays where you need it
Choose where your data is stored and processed. We operate in multiple regions to meet local data sovereignty requirements.
North America
US East (Virginia), US West (Oregon), Canada (Montreal)
Europe
Ireland (Dublin), Germany (Frankfurt), UK (London)
Asia Pacific
Singapore, India (Mumbai), Australia (Sydney)
Middle East
UAE (Dubai), Saudi Arabia (Riyadh)
On-premise deployment is available for Enterprise customers who require complete control over their infrastructure. Contact our team for details.
Operational Security
How we keep the platform secure every day
Secure Development Lifecycle
All code undergoes mandatory peer review, static analysis (SAST), dependency scanning, and automated security testing before deployment. We follow OWASP Top 10 guidelines and maintain a secure coding handbook.
Infrastructure Hardening
Servers are hardened following CIS benchmarks. Containers run as non-root with minimal attack surface. Infrastructure is defined as code (Terraform) with change detection and approval workflows.
Incident Response
Documented incident response plan with defined severity levels, escalation paths, and communication templates. 24/7 on-call rotation with 15-minute response SLA for critical incidents. Post-incident reviews published to affected customers.
Employee Security
All employees complete security awareness training quarterly. Background checks for team members with data access. Principle of least privilege applied to all internal systems with hardware security key requirements.
Vendor Management
Third-party vendors undergo security assessment before onboarding. Annual reviews of vendor security posture. Data processing agreements in place with all sub-processors.
Have security questions?
Our security team is available to discuss your requirements, provide compliance documentation, or schedule a security review.