Security Posture

MITTAI applies controls-aligned, security-by-design practices. We do not over-claim. This page describes our posture without absolute certification assertions.

Controls and practices

Security-by-design

Controls embedded in the platform from design to deployment.

Audit trail

Every capture, edit, and access logged with timestamps for traceability.

Least privilege

Role-based access; users see only what they need for their function.

Encryption

In transit (TLS) and at rest (AES-256).

Access logging

Comprehensive logs for identity, access, and actions.

Region-aware alignment

India

Controls aligned with the Digital Personal Data Protection Act (DPDP) 2023. Interoperability with ABDM building blocks (e.g., ABHA, HIE-CM patterns) supported. Data residency in India where required. Consent, minimization, breach notification, and data-principal rights supported.

UAE and Southeast Asia

Controls aligned with local regulatory requirements. Data residency options available. Encryption, access controls, and audit trails applied consistently.

United States (dental)

Controls aligned with HIPAA expectations for covered entities. A Business Associate Agreement (BAA) is available on request. Encryption, access logging, and breach notification alignment included.

Data ownership

The hospital or clinic remains the Data Fiduciary (or covered entity, in US terms). MITTAI acts as the Data Processor and processes data only per documented instructions. You own your data. We do not use your data for purposes beyond the contracted services.

Offboarding

When you end your engagement with MITTAI, we support structured export and permanent deletion of your data. Export formats (e.g., FHIR, structured JSON) are agreed at onboarding. Deletion is completed within the timeframe defined in the Data Processing Addendum (DPA). A Certificate of Data Destruction is available on request.

Platform security and data ownership FAQ

Who owns the data processed by MITTAI?

The hospital or clinic (Data Fiduciary) owns the data. MITTAI acts as the Data Processor, processing only per documented instructions.

How is data secured in transit and at rest?

Encryption in transit (TLS) and at rest (AES-256). Access is logged and role-based.

Can we export or delete our data when we leave?

Yes. Offboarding includes structured export and permanent deletion of your data. See the Offboarding section.

Is MITTAI HIPAA-ready for US dental?

Controls are aligned with HIPAA expectations. A Business Associate Agreement (BAA) is available on request for covered entities.

How does MITTAI handle India DPDP and ABDM?

Controls aligned with DPDP Act principles. Interoperability with ABDM building blocks (e.g., ABHA) supported where applicable.

Do you make certification claims (e.g., SOC 2, HIPAA certified)?

We do not make public certification claims on this page. Security and compliance documentation is available under NDA.

MITTAI

IPD automation and clinical documentation for hospitals and dental practices.

Contact
Location: No. 21, Gandhi Street, Chitlapakkam, Chennai – 600064, Tamil Nadu, India