Our Security Commitments

ReproAlign Technologies is a security-first healthcare AI startup. We operate an Information Security Program aligned to SOC 2 principles and India's Digital Personal Data Protection Act (DPDPA), with a roadmap for US and UAE requirements.

Our platform is hosted on leading cloud providers with robust physical and infrastructure security. We architect for security by default using least privilege, network segmentation, and encryption.

Access to systems and data follows the principle of least privilege with multi-factor authentication and centralized identity controls.

• SSO and MFA where supported for internal systems
• Role-based access control with quarterly reviews
• Just-in-time access for elevated operations
• Audit logging for administrative actions

As a growing company, we are actively formalizing controls and engaging assessors to validate our program. Our focus includes jurisdictions where we operate or serve customers.

• DPDPA (India): operational alignment in progress; policy and rights workflows active
• SOC 2 Type I/II: control design complete; audit engagement planned
• HIPAA (US): safeguards mapped for applicable services; BAAs with covered entities as needed
• UAE health data regulations: evaluating hosting and data residency options

Note: Unless expressly stated, certifications are in-progress and not yet awarded.

We maintain escalation procedures for security events, including triage, containment, eradication, recovery, and customer communication where required by law or contract.

• 24x7 monitoring of critical systems and alerts
• Playbooks for common scenarios (credential compromise, vulnerability disclosures)
• Post-incident reviews and corrective action tracking

Have a security question or found a potential vulnerability? Please contact us. We appreciate responsible disclosure and will work with you to remediate issues.