Defense-in-Depth Security for Your Practice
HomeoNetix is built by NETIX INFOTECH PRIVATE LIMITED on the principle that patient trust starts with strong, transparent security. This page describes the controls we operate to protect your clinic and your patients' data.
Security Controls at a Glance
End-to-End Encryption
AES-256 at rest and TLS 1.2+ in transit for all customer and patient data.
Strong Authentication
OAuth2 + JWT sessions, optional MFA, hardened password policies and Auth0-backed identity.
AWS-Hosted Infrastructure
Hosted on AWS in India inside a private VPC with network segmentation and least-privilege IAM.
Role-Based Access Control
Granular RBAC and permissions enforce least-privilege access for doctors, staff and admins.
Multi-Tenant Isolation
Every clinic is logically isolated. All queries are scoped by tenant — no cross-tenant reads.
Backups & PITR
Automated daily backups, point-in-time recovery and geographically separated copies.
24/7 Monitoring
Continuous logging, anomaly detection and on-call response for security and availability events.
Audit Logging
Immutable audit trail for clinical writes — every change records who, what and when.
Regular Pen-Testing
SAST, DAST and periodic third-party penetration tests; tracked through to remediation.
How We Protect Your Data
Encryption
- AES-256 encryption for data at rest in databases and object storage.
- TLS 1.2+ for every API call between your browser and our servers.
- Encryption keys managed by AWS Key Management Service (KMS).
- Encrypted backups stored in geographically separated zones.
Access Control
- OAuth2 + JWT-based authentication via Auth0.
- Optional multi-factor authentication on all accounts.
- Role-based permissions for doctors, staff and admins.
- Just-in-time, audited access for our engineers — only when needed for support.
Tenant Isolation
- Every record is tagged with a tenant identifier.
- All database queries are scoped by tenant — no cross-clinic reads.
- Strict schema ownership across services (clinical / platform separation).
- Continuous tests guard against tenant-isolation regressions.
Audit & Integrity
- Append-only audit log for clinical writes.
- Soft-delete on medical records — never hard-deleted.
- AI miasm analysis interactions are logged for traceability.
- Webhook idempotency keys prevent duplicate processing.
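The Tenant Isolation and Audit & Integrity items above describe a concrete pattern: every row carries a tenant tag, every read is keyed by that tag, deletes are soft, and each clinical write appends to an audit log. The block below is an added illustration of that pattern, not HomeoNetix code; the store, the `isolation_regression_check` helper and the clinic and record ids are constructed for the example.

```python
from dataclasses import dataclass
import time

@dataclass
class Record:
    tenant_id: str           # every record carries its clinic's tenant tag
    record_id: str
    data: dict
    deleted: bool = False    # soft-delete flag; rows are never removed

class TenantStore:
    """Tenant-scoped store: the tenant id is part of every key (constructed example)."""

    def __init__(self):
        self._rows = {}    # (tenant_id, record_id) -> Record
        self._audit = []   # append-only: nothing here pops or edits entries

    def _log(self, actor, tenant_id, action, record_id):
        self._audit.append({"who": actor, "tenant": tenant_id, "what": action,
                            "record": record_id, "when": time.time()})

    def write(self, actor, tenant_id, record_id, data):
        self._rows[(tenant_id, record_id)] = Record(tenant_id, record_id, data)
        self._log(actor, tenant_id, "write", record_id)

    def read(self, tenant_id, record_id):
        # The tenant id is part of the key, so the same record id in another
        # clinic cannot match; soft-deleted rows are hidden, not removed.
        rec = self._rows.get((tenant_id, record_id))
        return None if rec is None or rec.deleted else rec.data

    def soft_delete(self, actor, tenant_id, record_id):
        rec = self._rows.get((tenant_id, record_id))
        if rec is None or rec.deleted:
            return False
        rec.deleted = True
        self._log(actor, tenant_id, "soft_delete", record_id)
        return True

    def audit_trail(self, tenant_id):
        # Audit reads are scoped by tenant as well.
        return [e for e in self._audit if e["tenant"] == tenant_id]

def isolation_regression_check(store):
    """Constructed check in the spirit of the 'continuous tests' bullet: a record
    written under clinic-a must not be readable as clinic-b with the same id."""
    store.write("dr_a", "clinic-a", "p-1", {"note": "constructed sample"})
    return store.read("clinic-b", "p-1") is None and store.read("clinic-a", "p-1") is not None
```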
Secure Infrastructure & Hosting
HomeoNetix is hosted on Amazon Web Services (AWS) in India. Production workloads run inside isolated VPCs with security groups, private subnets, network ACLs and least-privilege IAM policies.
Network Security
Web Application Firewall (WAF), DDoS protection, rate-limiting and intrusion prevention at the edge. Sensitive services are private and reachable only over internal networks.
Host Hardening
Containerised services with hardened base images, automated patching, anti-virus and host-based intrusion detection on long-lived hosts.
Data Resilience
Multi-AZ database deployments with synchronous replication, automated daily backups, point-in-time recovery and periodic restore drills.
Secure SDLC
Mandatory code review, dependency scanning, secrets scanning, SAST/DAST in CI and staged rollouts with health checks and rollback.
Compliance & Standards
We operate the platform in alignment with leading healthcare and data-protection frameworks. Our roadmap includes formal certifications as we mature.
Incident Response & Business Continuity
Detect
24/7 monitoring of infrastructure, applications and security events. Alerts route to on-call engineers within minutes.
Respond
Documented runbooks with severity tiers, communication templates and pre-approved isolation actions to contain incidents quickly.
Recover
Point-in-time recovery, multi-AZ failover and periodic restore drills target a short recovery time objective for critical clinical services.
Breach notification: if we detect a personal data breach that is likely to result in risk to the rights and freedoms of affected individuals, we will notify the affected clinic and relevant authorities within the timelines required by applicable law, including CERT-In and DPDP Act requirements in India, and GDPR / HIPAA timelines where applicable.
People & Process
Background Checks
Employees and contractors with access to production systems sign confidentiality agreements and are subject to background verification.
Security Training
Mandatory security and privacy training on onboarding, with periodic refreshers on phishing, secure coding and data-handling.
Least Privilege
Production access is restricted, time-bound and audited. Sensitive operations require multi-party approval.
Vendor Management
Sub-processors are vetted for security and privacy posture and are bound by contractual data-protection commitments.
Sub-Processors
We work with a small, carefully chosen set of sub-processors to deliver the Services. Each is bound by contractual obligations of confidentiality and security.
| Sub-processor | Purpose |
|---|---|
| Amazon Web Services (AWS) | Cloud hosting, storage, networking (Mumbai region) |
| Auth0 | Authentication and identity management |
| Razorpay | Payments and subscription billing |
| Brevo | Transactional and clinical email delivery |
| MSG91 / Meta WhatsApp Business | SMS and WhatsApp notifications |
Responsible Disclosure
If you believe you have discovered a security vulnerability in HomeoNetix, please report it to us privately. We treat all reports seriously and aim to acknowledge them within two business days.
Please do not perform testing that may degrade the Services, access data that is not your own, or violate the privacy of any patient or user. If you act in good faith and within these guidelines, we will not pursue legal action for your research.
NETIX INFOTECH PRIVATE LIMITED · Office 204, Sapphire Chambers, S.No. 2/3/1 & 2/3/2, Rivires, Baner Gaon, Haveli, Pune – 411045, Maharashtra, India