Security

Trust is the product. ekala.ai is designed so clinicians stay in control while organizations get the governance and security controls needed for India healthcare deployments.

Summary

  • Encryption in transit & at rest (placeholder)
  • RBAC + audit logs (placeholder)
  • Configurable retention (placeholder)
  • DPDP / HIPAA / SOC 2-ready controls (deployment dependent)

Replace placeholders with your actual architecture and certifications once finalized.

Principles

How we think about safety, privacy, and control.

Clinician control

Drafts are generated for review. You decide what gets finalized, exported, shared, or actioned.

Human-in-the-loop actions

For agentic workflows, require clinician or admin approvals before any action (placeholder).

Least privilege

Role-based access so teams see only what they need (placeholder).

Encryption

Encrypt data in transit and at rest with modern standards (placeholder).

Configurable retention

Set retention and deletion policies based on your governance needs (placeholder).

Controls (placeholders)

Enterprise controls are typically enabled per deployment. Use this section to list what’s shipped today vs. on the roadmap.

  • Audit logs for access and changes (placeholder)
  • SSO / SAML for enterprise (placeholder)
  • IP allowlists for hospital networks (placeholder)
  • DLP controls for exports (placeholder)
  • Data residency options (India/region) (placeholder)

Compliance notes (placeholders)

  • DPDP (India) — deployments can be configured to meet DPDP requirements (scope + configuration dependent)
  • HIPAA (US) — deployments can be configured for HIPAA compliance (scope + configuration dependent)
  • SOC 2 — controls aligned to SOC 2 criteria; audit/report availability depends on current certification status

Note: Compliance is deployment + contract dependent. Don’t claim certifications unless you’ve completed them.

Patient consent

Recording workflows should be explicit and respectful.

  • Ask for consent before recording a consult.
  • Prefer visible indicators when capture is running (placeholder).
  • Provide opt-out paths and document them (placeholder).
  • Use retention policies aligned with your governance and local regulations (placeholder).

Need a security review?

We can share a security overview, deployment options, and answers for your hospital/clinic IT team (placeholders).