Security
Enterprise-grade protection for your most sensitive data
Our Security Philosophy
At Shiora, security isn't an afterthought. It's foundational to everything we build. We employ a defense-in-depth strategy with multiple layers of protection, ensuring your health data remains confidential, intact, and available only to you and those you authorize.
Encryption Standards
Data at Rest: All stored data is encrypted using AES-256, the same standard used by governments and financial institutions worldwide.
Data in Transit: All communications are protected with TLS 1.3 encryption, ensuring data cannot be intercepted during transmission.
End-to-End Encryption: Sensitive health communications feature end-to-end encryption where only you and your intended recipient can access the content.
Infrastructure Security
Our infrastructure is hosted on SOC 2 Type II certified cloud platforms with: 24/7 monitoring and threat detection, DDoS protection, Web Application Firewalls (WAF), Regular penetration testing by third-party security firms, Automated vulnerability scanning, and Geo-redundant data backups.
Access Controls
Multi-Factor Authentication: Protect your account with biometric, SMS, or authenticator app verification.
Role-Based Access: Internal access to data follows strict need-to-know principles with comprehensive audit logging.
Session Management: Automatic session timeouts and single-device enforcement options for enhanced security.
Compliance & Certifications
Shiora maintains compliance with: HIPAA (Health Insurance Portability and Accountability Act) principles, GDPR (General Data Protection Regulation), ISO 27001 Information Security Management, SOC 2 Type II, and ADGM Data Protection Regulations.
Incident Response
Our dedicated security team maintains a comprehensive incident response plan with: 24/7 security operations monitoring, Rapid threat containment procedures, Transparent breach notification within 72 hours, and Post-incident analysis and prevention updates.
Report a Vulnerability
We welcome responsible disclosure from security researchers. Contact our security team at security@shiora.health