Security

Last updated: 29/12/2025

At MedixaLink, we apply reasonable measures to protect the confidentiality, integrity, and availability of information. This page summarizes typical controls implemented or planned.

1. Data Protection

  • Encryption in transit: use of HTTPS/TLS to protect communications.
  • Encryption at rest: encryption at the provider/infrastructure level, plus application-level encryption of certain sensitive fields (PII).
  • Tenant separation: logical isolation between clinics/organizations.

2. Access Control

  • User authentication (e.g., SSO/Google depending on configuration).
  • Roles and permissions (least privilege).
  • Sessions with expiration and anti-CSRF protections where applicable.

3. Auditing and Traceability

We may log relevant events (login, permission changes, module access, critical operations) for diagnosis and compliance.

4. Backups and Continuity

We implement backups and recovery mechanisms. Retention and restoration times depend on the plan/deployment environment.

5. Incident Management

We have a process to investigate and mitigate security incidents. When applicable, we will notify customers in accordance with the relevant regulations and contractual agreements.

6. Customer Best Practices

  • Use strong passwords and/or SSO.
  • Assign minimum permissions and review access periodically.
  • Do not share credentials.
  • Comply with internal policies regarding access to medical records and confidentiality.

7. Contact

To report vulnerabilities or incidents: info+vulnerabilidad@bladelink.company.

Responsible Disclosure

If you find a vulnerability, please report it and avoid exploiting it. We will respond to coordinate the fix.