Security

Enterprise-grade protection for healthcare data

At MedConsult AI, security isn't a feature—it's the foundation. We've built our platform with defense-in-depth principles, ensuring patient data is protected at every layer from ingestion to delivery.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use industry-standard cryptographic protocols.

Authentication

Secure OAuth 2.0 authentication via Google. Sessions are cryptographically signed and automatically expire.

Data Isolation

Complete user-level isolation. Every database query is scoped to the authenticated user—no cross-user access possible.

Audit Logging

Comprehensive audit trail of all user actions, file operations, and security events. Full forensic readiness.

Infrastructure

Hosted on Vercel's SOC 2 compliant infrastructure with automatic scaling, DDoS protection, and global edge network.

Monitoring

Real-time security event monitoring, anomaly detection, and alerting for suspicious activities.

File Security

Every file uploaded to MedConsult AI goes through multiple security layers:

  • Size limits enforced (50MB audio, 25MB documents)
  • MIME type validation against whitelist
  • Magic number verification to detect disguised files
  • Filename sanitization to prevent path traversal
  • SHA-256 checksum verification
  • Virus scanning before processing
  • PDF macro and JavaScript detection
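As an added illustration (not MedConsult AI's own code), this Python sketch shows how the layers above fit together for one upload: the stated size caps, a MIME allowlist with magic-number verification, filename sanitization against path traversal, a SHA-256 digest, and a naive scan of PDF bytes for JavaScript markers. The allowlist contents, the magic bytes and the PDF marker strings are assumptions, not the product's configuration.

```python
import hashlib
import re
from pathlib import PurePosixPath

# Size caps as stated on the page.
MAX_AUDIO_BYTES = 50 * 1024 * 1024
MAX_DOC_BYTES = 25 * 1024 * 1024

# Assumed allowlist: MIME type -> (category, list of (offset, magic bytes)).
ALLOWED = {
    "application/pdf": ("document", [(0, b"%PDF-")]),
    "audio/mpeg": ("audio", [(0, b"ID3"), (0, b"\xff\xfb"), (0, b"\xff\xf3")]),
    "audio/wav": ("audio", [(0, b"RIFF"), (8, b"WAVE")]),  # both must match
}
# Naive indicators of active content in a PDF (assumed markers, not exhaustive).
PDF_ACTIVE_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(name: str) -> str:
    """Keep only the final path component, drop traversal and unsafe characters."""
    base = PurePosixPath(name.replace("\\", "/")).name   # strips ../ and dirs
    base = _UNSAFE.sub("_", base).lstrip(".")             # no hidden/dot-only names
    return base[:128] or "upload"


def magic_matches(data: bytes, magics) -> bool:
    """WAV needs RIFF at 0 and WAVE at 8; other types need any single prefix."""
    hits = [data[off:off + len(sig)] == sig for off, sig in magics]
    return all(hits) if len(magics) > 1 and magics[0][1] == b"RIFF" else any(hits)


def validate_upload(filename: str, declared_mime: str, data: bytes) -> dict:
    """Apply the checks in order and return metadata for an accepted file."""
    if declared_mime not in ALLOWED:
        raise ValueError("MIME type not in allowlist")
    category, magics = ALLOWED[declared_mime]
    limit = MAX_AUDIO_BYTES if category == "audio" else MAX_DOC_BYTES
    if len(data) > limit:
        raise ValueError("file exceeds size limit")
    if not magic_matches(data, magics):
        raise ValueError("content does not match declared type")  # disguised file
    if declared_mime == "application/pdf" and any(m in data for m in PDF_ACTIVE_MARKERS):
        raise ValueError("PDF contains active content markers")
    return {
        "filename": sanitize_filename(filename),
        "mime": declared_mime,
        "sha256": hashlib.sha256(data).hexdigest(),  # checksum recorded for audit
    }
```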

API Security

  • All endpoints require authenticated sessions
  • CSRF protection on state-changing operations
  • Rate limiting to prevent abuse
  • Input validation and sanitization
  • Parameterized queries to prevent SQL injection
  • Content Security Policy headers

Email Security

  • DKIM-signed emails from verified domain
  • SPF records prevent email spoofing
  • TLS encryption for email delivery
  • Complete audit trail of all sent emails
  • Delivery status tracking and error logging

Compliance

MedConsult AI is designed with healthcare compliance in mind:

  • HIPAA-ready architecture (BAA available for enterprise customers)
  • GDPR-compliant data handling with user rights support
  • SOC 2 Type II compliant infrastructure (Vercel, Neon)
  • Regular security assessments and penetration testing
  • Data retention policies and secure deletion

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please email us at security@mediconsultai.com. We commit to acknowledging reports within 24 hours and providing updates as we investigate and remediate issues.