Product
Data Security FAQs
13 min
data privacy & protection q1 how does sanoflow protect my clinic’s patient data? q2 what data protection regulations does sanoflow comply with? sanoflow prioritizes the security and privacy of all customer data we fully comply with uae federal decree law no 45 of 2021 on personal data protection uae federal law no 2 of 2019 on the use of ict in healthcare uae ministry of health and prevention (mohap) regulations telecommunications and digital government regulatory authority (tdra) standards general data protection regulation (gdpr), where applicable our systems and practices are aligned with the highest standards of healthcare data privacy globally and locally q3 is my data stored within the uae? q4 does sanoflow use uae based hosting? yes all customer data is securely stored in microsoft azure's uae based, ssae 16 / soc2 certified data centers, ensuring compliance with uae data residency regulations q5 is my clinic’s data encrypted? absolutely data in transit is encrypted using industry standard tls protocols data at rest is encrypted using aes 256 encryption this protects your information against unauthorized access at every stage security measures and access control q6 what security measures does sanoflow have in place? sanoflow applies robust, multi layered protection full encryption (tls and aes 256) role based access controls (rbac) to ensure that only authorized personnel can access sensitive data multi layered firewall protections routine backups to maintain data integrity and support disaster recovery q7 who can access our clinic’s patient data inside sanoflow? only users you authorize sanoflow enforces strict role based access controls, so every user sees only what their job role permits q8 does sanoflow keep track of who accesses or changes data? yes every user action, including access, changes, and deletions, is logged in detailed audit trails these logs are available upon request for compliance reviews confidentiality and non disclosure q9 will sanoflow share our data with third parties? q10 how does sanoflow ensure confidentiality? sanoflow strictly protects your confidential information we will never disclose your data to third parties without your written consent, except if required by law our confidentiality obligations continue even after the termination of any agreement with you incident response and breach notifications q11 what happens if there is a security breach? q12 will sanoflow notify us if our data is compromised? if any security incident occurs, sanoflow follows a formal incident response plan immediate containment and investigation of the incident notification to your designated contact immediately, including full details of what happened what data was affected corrective actions being taken we believe in full transparency during any incident customer responsibilities q13 what are our clinic’s responsibilities in protecting data while using sanoflow? while sanoflow secures the platform, customers are responsible for maintaining secure and confidential user accounts and passwords promptly notifying sanoflow of any suspected unauthorized access or breaches related to their accounts ensuring internal adherence to patient consent policies and applicable data regulations cross border data and residency q14 will our patient data ever leave the uae? by default, no sanoflow hosts all data within the uae any cross border transfer would require your explicit written approval beforehand regulatory compliance q15 how does sanoflow comply with healthcare sector regulations? sanoflow aligns with healthcare specific regulations and best practices by integrating securely with your healthcare information system (his) supporting interoperability standards handling whatsapp and social media communication in compliance with meta business messaging requirements (opt ins/opt outs managed properly) regular audits and adherence to health authority privacy frameworks q16 will sanoflow help us during audits? q17 can we request access to logs and records for compliance checks? yes at your reasonable request and with appropriate notice, sanoflow will fully cooperate with compliance audits, providing access to relevant data logs and security audit trails messaging compliance (meta) q18 how does sanoflow ensure our whatsapp messages stay compliant with meta’s rules? sanoflow only sends patient messages using meta approved templates implements proper opt in and opt out mechanisms provides template review and guidance to reduce rejection risks monitors whatsapp template approval statuses and informs you if compliance risks arise