Security at DrGuru.ai

Your trust is our first priority. We design every feature—3D Health Lens, AI Chat, sharing, and trends—with security and consent in mind.

Last updated: December 6, 2025

🔐 Encryption

TLS in transit; encrypted storage for databases and files.

🧾 Consent & Access

Granular, time-boxed sharing; revoke anytime with receipts.

📝 Audit Logging

Important actions are logged for accountability and investigation.

🤝 Third-party Processing

Only necessary data is shared with essential providers under contract.

Data Protection

  • Transport security: HTTPS/TLS for all app traffic.
  • Encryption at rest: Databases and object storage use provider-level encryption.
  • Password protection: Industry-standard password hashing (e.g., Argon2/bcrypt).
  • Secrets handling: Environment-based configuration; no secrets in code.
  • File access: Private object storage with expiring signed URLs.

Access & Consent

  • Least privilege: Role-based access for patients, clinicians, and family managers.
  • Granular sharing: Share a document or an entire dashboard, time-boxed and revocable.
  • Consent receipts: We keep a record of grants and revocations.
  • Doctor verification: OCR’d values can be verified by clinicians for reliability.

Monitoring & Logging

  • Critical actions are logged with timestamps and user context.
  • Logs are retained for security investigations and product quality.

Backups & Continuity

  • Encrypted backups of critical data.
  • Disaster-recovery planning focuses on restoring core services and records.

Software Security

  • Regular dependency updates and security patches.
  • Input validation, file-type checks, and permission checks at endpoints.
  • Separation between public content and private records.

Third-party Services

  • Cloud & storage: reputable infrastructure providers.
  • AI processing: prompts/snippets sent only as needed to generate answers.
  • Analytics: minimal usage to improve product; see Privacy for choices.

We maintain contracts and data-processing terms with key providers.

Responsible Disclosure

If you believe you’ve found a vulnerability, please email [email protected]. Don’t test against real patient data. We’ll acknowledge and work with you to remediate.

Compliance

  • We follow GDPR principles for EU users (lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality).
  • For U.S. healthcare partners, we align features with HIPAA concepts and offer DPAs/BAAs where applicable.
  • We do not claim formal certification unless explicitly stated in writing.

Contact

Security questions? Reach us at [email protected].