Data protection
Last updated 2026-05-23
Healthcare data is sensitive. DAWINI applies technical and organisational measures designed to protect it end to end.
Encryption at rest and in transit
All data is encrypted in transit (TLS 1.2+) and at rest. Medical files require signed URLs with short expiry — public file URLs do not exist.
Access control
Role-based access is enforced server-side. Doctors see only their consenting patients' records; admins have audit-logged access for support cases only.
Audit trail
Every read, write and delete on a medical record is recorded in an append-only audit log, queryable for compliance review.
Data residency
DAWINI runs on infrastructure meeting Algerian healthcare data residency expectations. Specifics are available under NDA for institutional partners.
Incident response
Suspected breaches trigger a defined response — containment, notification to affected users, and a public post-mortem when appropriate.
Reach security
Report a vulnerability or ask a question at security@dawini.pro. We acknowledge within 48 hours.