RxGPT

Enterprise-Grade Security & Compliance Built for Healthcare

Last updated: April 2026

Security-first architecture

Healthcare data is highly sensitive, so RxGPT is designed with privacy-by-design controls from day one. We align our platform to healthcare-grade standards and keep security controls active across infrastructure, access management, and operations.

Compliance certifications and frameworks

  • SOC 2 Type II with annual third-party audits.
  • HIPAA-aligned safeguards, with Business Associate Agreement (BAA) support.
  • GDPR controls for data subject rights, consent, and processor obligations.
  • ABDM-compatible consent and data handling workflows for India deployments.

Encryption and data protection

  • AES-256 encryption for data at rest.
  • TLS 1.3 for data in transit.
  • Managed key rotation with secure key lifecycle controls.
  • Audit trails for authentication, access, and administrative actions.

Federated learning and residency controls

RxGPT supports federated learning patterns so that sensitive data can remain in-hospital while models improve through anonymized learnings. This helps organizations meet data residency expectations and reduces the exposure of centralized PHI.

Access controls and incident response

We enforce role-based access control (RBAC), support SSO, and require strong authentication policies including MFA. Incident response playbooks include detection, containment, stakeholder communication, and post-incident remediation.