Data Security
At Health Attai, we are deeply committed to safeguarding your data and ensuring your privacy. Security is built into our products at multiple stages, and our data and privacy protections are designed to defend our systems against a range of attacks.
Our Core Privacy Principles
- We will never rent or sell your information or data to anyone.
- We do not use or transfer your data for serving ads, including retargeting, personalised, or interest-based advertising.
- We will never provide any part of your information to anyone unless you explicitly agree to it.
- For more information on our privacy practices, please refer to our Privacy Policy.
Secure Cloud Infrastructure
Our platform is hosted in a Virtual Private Cloud (VPC) on Amazon Web Services (AWS), which gives us a secure and scalable foundation for delivering our services reliably. Our infrastructure is deployed in line with AWS compliance frameworks and incorporates security practices from the AWS Cloud Adoption Framework. All our servers are built to the Center for Internet Security (CIS) Benchmarks for Amazon Linux.
Secure Communication and Network
- We use HTTPS for our website and mobile applications.
- All communication between the Platform and our servers is protected by HTTPS (TLS) with 256-bit symmetric encryption. This defends against Man-in-the-Middle (MITM) attacks by protecting the confidentiality and integrity of data in transit.
- We have strict network segmentation and isolation of environments and services in place.
Robust Host Security
We employ industry-leading solutions to secure our hosts, including:
- Anti-virus and anti-malware protection.
- Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).
- File Integrity Monitoring (FIM).
- Application control.
- Application and audit log aggregation.
- Automated patching.
Comprehensive Data Protection
- User log-in is based on One-Time Password (OTP) authentication.
- All user data and internal stored data are protected by encryption at rest.
- Sensitive data benefits from application-level encryption.
- We use key management services to limit access to data, with access generally restricted to our dedicated data team.
- For data resiliency and disaster recovery, we utilise data replication.
- Snapshotting is employed for data durability, and backup/restore testing ensures data reliability.
Strict Access Control and Data Usage
- We implement separation of environments and segregation of duties.
- We have strict role-based access control on a documented, authorised, and need-to-use basis.
- For internal analytics and business intelligence purposes, we only use anonymised and aggregated data.
Proactive Incident and Change Management
- We have deployed mature processes around Change Management, ensuring thoroughly tested features are released reliably and securely.
- We maintain a strict stance on Incident Management, covering both system downtime and security incidents.
- An Information Security Management System (ISMS) operates within our Security and Network Operations Center, enabling us to quickly react to, remediate, or escalate any incidents arising from planned or unplanned changes.
Continuous Security Assessment and Audits
- We work with a network security team that uses industry-leading products to conduct manual and automated Vulnerability Assessment and Penetration Testing (VA/PT), including penetration testing of all our applications and endpoints.
- We integrate both static application security testing (SAST) and dynamic application security testing (DAST) into our continuous integration/continuous deployment (CI/CD) pipeline.
- We engage CERT-In (Indian Computer Emergency Response Team) empanelled auditors to perform periodic external testing and audits.
- We undergo an annual security assessment by a Google-designated third party, renew it as required or as instructed by Google, and publish the resulting letter of assessment on the Health Attai website and mobile applications.
Responsible Disclosure Program
We are dedicated to the security of your data and privacy. If you are a security enthusiast or researcher and discover a possible security vulnerability in Health Attai, we strongly encourage you to report it to us responsibly.
- You can submit a bug report to contact@destratum.com with the detailed steps required to reproduce the vulnerability.
- We will make our best efforts to investigate and fix legitimate issues within a reasonable timeframe. We kindly request that you do not publicly disclose the vulnerability while we are addressing it.