Security & Compliance
How we protect your patient data.
Data encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Patient records, prescriptions, and billing information are never stored or transmitted in plain text.
Infrastructure
docPlus runs on secure cloud infrastructure with data centers in India. We use industry-standard cloud providers with SOC 2 Type II certification.
Access control
Role-based access control ensures that only authorized users can access sensitive data. Clinic owners control who sees what. Two-factor authentication is available for admin accounts.
DPDPA 2023 compliance
docPlus is designed to be compliant with India's Digital Personal Data Protection Act 2023. We follow data minimization principles, provide consent management, and enable data portability.
Audit logs
Enterprise plan includes comprehensive audit logs — every data access, modification, and export is logged with user, timestamp, and action details.
Data backup
Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate geographic region within India.
Data ownership
You own your patient data. You can export all data at any time in standard formats. If you cancel, your data is retained for 30 days before permanent deletion.