Security

At HelloClinic, we consider the security of your data our highest priority. We employ a multi-layered security strategy, from the infrastructure to the application level, to comprehensively protect your sensitive information.

Infrastructure Security

All of HelloClinic's services run on Google Cloud, whose infrastructure is independently audited against international security standards including SOC 1/2/3, ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018. Those certifications cover the underlying platform; securing the services we build on top of it remains our responsibility, and the measures below describe how we meet it.

  • Physical Security: Google's data centers use strict physical security measures, including multi-layered security zones, biometric access controls, and 24/7 monitoring, to ensure that only authorized personnel can access the servers.
  • System Security: We leverage Google Cloud's security features, such as hardened operating systems, regular security updates, and vulnerability scanning, to protect our servers from attacks.

Network Security

We use Cloudflare to protect our network perimeter and defend against various network attacks.

  • DDoS Protection: Cloudflare provides advanced Distributed Denial of Service (DDoS) attack mitigation, ensuring the availability and stability of our services.
  • Web Application Firewall (WAF): We deploy a WAF to filter and monitor HTTP traffic, blocking requests that match common web attack patterns such as SQL injection and Cross-Site Scripting (XSS). The WAF is a perimeter control that reduces hostile traffic; it complements, rather than replaces, the application-level safeguards described under Application Security.
  • Secure Transmission: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher), ensuring the confidentiality and integrity of your data in transit.

Data Encryption

We encrypt your data both at rest and in transit.

  • Data at Rest Encryption: All personal data stored in our databases and file systems is encrypted at rest using strong algorithms such as AES-256. This protects the data if storage media or backups are obtained without authorization: without the encryption keys, the stored bytes cannot be read. Encryption at rest does not by itself stop an attacker who obtains valid application credentials, which is why it is combined with the access controls described below.
  • Data in Transit Encryption: As mentioned above, all network communications are encrypted with TLS.

Access Control

We implement strict access control policies to ensure that only authorized personnel can access your data.

  • Principle of Least Privilege: Our employees can only access the minimum amount of data necessary to perform their duties. All access is logged and audited.
  • Role-Based Access Control (RBAC): Clinic administrators can set different access permissions for their staff, precisely controlling the scope of data each user can view and manipulate.
  • Strong Password Policy & Multi-Factor Authentication (MFA): We require all users to set strong passwords and strongly recommend enabling MFA to add an extra layer of security to your account.
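The two access-control bullets above, least privilege and clinic-scoped RBAC with every decision audited, are easy to state and easy to get subtly wrong: the common bug is checking the role but not the tenant, so a doctor with a legitimate role can read a patient record from a different clinic. The following is an added example written for this page, not HelloClinic's own code; the role names, permission strings, record layout and in-memory audit log are all assumptions chosen to illustrate a deny-by-default check that enforces both conditions.

```python
"""Deny-by-default, clinic-scoped RBAC check with an audit trail.

Added example for illustration only; not HelloClinic's code. Role names,
permission strings, the record layout and the in-memory audit log are
assumptions, not a description of the real system.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed role -> permission mapping. Any (role, action) pair that is not
# listed here is denied; there is no fallback "allow".
ROLE_PERMISSIONS = {
    "clinic_admin": {"patient:read", "patient:write", "staff:manage"},
    "doctor": {"patient:read", "patient:write"},
    "receptionist": {"patient:read_contact"},
}


@dataclass(frozen=True)
class User:
    user_id: str
    clinic_id: str      # tenant the user belongs to
    roles: frozenset    # roles assigned by the clinic administrator


@dataclass(frozen=True)
class PatientRecord:
    patient_id: str
    clinic_id: str      # tenant that owns the record


class AuditLog:
    """Append-only record of every authorization decision, allowed or denied."""

    def __init__(self):
        self.entries = []

    def record(self, user, action, resource, allowed, reason):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user_id": user.user_id,
            "clinic_id": user.clinic_id,
            "action": action,
            "resource": resource.patient_id,
            "allowed": allowed,
            "reason": reason,
        })


def authorize(user, action, record, audit):
    """Return True only if (a) one of the user's roles grants `action` and
    (b) the record belongs to the user's own clinic. Both checks must pass,
    and every decision, including denials, is written to the audit log."""
    granted = any(action in ROLE_PERMISSIONS.get(role, frozenset())
                  for role in user.roles)
    if not granted:
        audit.record(user, action, record, False, "no role grants this action")
        return False
    if user.clinic_id != record.clinic_id:
        # A valid role is not enough: data is scoped to the user's own clinic.
        audit.record(user, action, record, False, "record belongs to another clinic")
        return False
    audit.record(user, action, record, True, "role grant within own clinic")
    return True


def demo():
    """Constructed scenario: two clinics, three users, one record per clinic."""
    audit = AuditLog()
    rec_a = PatientRecord("pat-001", "clinic-A")
    rec_b = PatientRecord("pat-002", "clinic-B")
    doctor_a = User("dr-alice", "clinic-A", frozenset({"doctor"}))
    desk_a = User("desk-bob", "clinic-A", frozenset({"receptionist"}))
    stranger = User("eve", "clinic-A", frozenset({"billing"}))  # role defined nowhere

    results = {
        "doctor reads own clinic": authorize(doctor_a, "patient:read", rec_a, audit),
        "doctor reads other clinic": authorize(doctor_a, "patient:read", rec_b, audit),
        "receptionist writes record": authorize(desk_a, "patient:write", rec_a, audit),
        "unknown role reads record": authorize(stranger, "patient:read", rec_a, audit),
    }
    return results, audit


if __name__ == "__main__":
    results, audit = demo()
    for name, allowed in results.items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
    print(f"{len(audit.entries)} decisions audited")
```

Only the first request is allowed; the other three are denied for three different reasons (cross-clinic access, insufficient role, undefined role), and all four decisions land in the audit log. The order of the checks also matters in practice: evaluating the role grant before the tenant check means the denial reason never leaks whether a record exists in another clinic.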

Application Security

Our development process follows security best practices.

  • Secure Software Development Lifecycle (Secure SDLC): We integrate security considerations into every stage of software development, including code reviews, security testing, and vulnerability scanning.
  • Regular Penetration Testing: We regularly engage independent third-party security experts to conduct penetration tests on our systems to identify and remediate potential security vulnerabilities.

Your Responsibility

Protecting your account is a shared responsibility. We strongly advise you to:

  • Set a unique and strong password.
  • Enable Multi-Factor Authentication (MFA).
  • Never share your login credentials with anyone.
  • Keep your contact information up to date.

If you have any questions about our security measures, please do not hesitate to contact us.