Your patients trust you with their health data. We take that responsibility seriously. Here's how Dentara protects your practice.
All connections are encrypted with TLS 1.2+. HTTP requests are automatically redirected to HTTPS. Certificates are auto-renewed via Let's Encrypt.
PostgreSQL with connection-level encryption. All queries use parameterized statements to prevent SQL injection.
SSH key-only authentication (no passwords), UFW firewall with minimal open ports, fail2ban for brute-force protection.
Unattended security updates enabled. Server packages and dependencies are regularly patched.
Granular permissions: Admin, Dentist, Receptionist, Staff. Each role sees only what they need. Audit trails for all actions.
HTTP-only, secure cookies. Automatic session expiry. No sensitive data stored client-side.
All state-changing requests are protected against cross-site request forgery attacks.
Every input is validated with Zod schemas on both client and server. No unvalidated data reaches the database.
Drizzle ORM with parameterized queries as the default. Any raw SQL usage is limited and carefully reviewed to prevent injection.
React's built-in escaping, Content Security Policy headers, and sanitized user inputs prevent cross-site scripting attacks.
Each clinic's data is logically isolated. Cross-tenant access is architecturally impossible.
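The three statements above (schema validation at the boundary, parameterized queries, per-clinic isolation) are one pattern when written out. The following is an added example, not Dentara's code: a hand-written validator stands in for the Zod schema, the query is returned in the `{ text, values }` shape that node-postgres accepts, and the `clinic_id` filter is always taken from the authenticated session rather than from the request body. Table and column names, the `Session` type and the sample request are assumptions.

```typescript
// Added example (not Dentara's code). Shows the boundary pattern the page describes:
// 1. validate the request body against a strict schema (stand-in for Zod, assumed),
// 2. put user data only in query parameters, never in the SQL text,
// 3. scope every query to the caller's clinic from the session, not from the request.

type Role = "Admin" | "Dentist" | "Receptionist" | "Staff";
type Session = { userId: string; clinicId: string; role: Role };      // assumed shape
type NewPatient = { name: string; phone: string; dob: string };
type ParamQuery = { text: string; values: unknown[] };                // node-postgres style

// Validation stand-in for a Zod schema: rejects unknown keys, wrong types and malformed values.
// Rejecting unknown keys is what stops a client from smuggling in its own clinic_id.
function parseNewPatient(input: unknown): NewPatient {
  if (typeof input !== "object" || input === null) throw new Error("body must be an object");
  const o = input as Record<string, unknown>;
  const allowed = new Set(["name", "phone", "dob"]);
  for (const k of Object.keys(o)) {
    if (!allowed.has(k)) throw new Error(`unexpected field: ${k}`);
  }
  const { name, phone, dob } = o;
  if (typeof name !== "string" || name.trim().length === 0 || name.length > 100) {
    throw new Error("invalid name");
  }
  if (typeof phone !== "string" || !/^[0-9]{10}$/.test(phone)) throw new Error("invalid phone");
  if (typeof dob !== "string" || !/^\d{4}-\d{2}-\d{2}$/.test(dob) || Number.isNaN(Date.parse(dob))) {
    throw new Error("invalid dob");
  }
  return { name: name.trim(), phone, dob };
}

// INSERT as a parameterized query: the validated values appear only in `values`,
// so a quote or keyword inside a name cannot change the statement. clinic_id comes
// from the session, so a request cannot write into another clinic's records.
function insertPatientQuery(session: Session, body: unknown): ParamQuery {
  const p = parseNewPatient(body);
  return {
    text: "INSERT INTO patients (clinic_id, name, phone, dob) VALUES ($1, $2, $3, $4) RETURNING id",
    values: [session.clinicId, p.name, p.phone, p.dob],
  };
}

// Reads are scoped the same way: the server appends the clinic filter on every query.
function findPatientQuery(session: Session, patientId: string): ParamQuery {
  if (!/^[0-9a-f-]{36}$/i.test(patientId)) throw new Error("invalid patient id");
  return {
    text: "SELECT id, name, phone, dob FROM patients WHERE id = $1 AND clinic_id = $2",
    values: [patientId, session.clinicId],
  };
}

// Constructed sample session and request (not real data).
const demoSession: Session = { userId: "u-1", clinicId: "clinic-A", role: "Receptionist" };
const demoBody = { name: "  O'Brien ", phone: "9876543210", dob: "1990-05-01" };
console.log(insertPatientQuery(demoSession, demoBody));
// The apostrophe in the name stays inside values[1]; the SQL text is unchanged.
```

The two properties worth checking in a review are visible here: the SQL `text` is a constant with no string interpolation, and there is no code path on which `clinic_id` can be supplied by the client.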
All passwords are hashed with bcrypt (cost factor 12). We never store or log plaintext passwords.
Sessions expire after inactivity. Sensitive operations require re-authentication.
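The cookie attributes and the inactivity and re-authentication rules described above, as an added example that is not Dentara's code: the session store is an in-memory `Map` standing in for a database or cache, and the 30-minute idle limit and 5-minute re-authentication window are assumed values, not the product's actual settings.

```typescript
// Added example (not Dentara's code): session cookie flags, idle expiry and
// re-authentication for sensitive operations. Limits and names are assumptions.
import { randomBytes } from "node:crypto";

const IDLE_LIMIT_MS = 30 * 60 * 1000;      // assumed: expire after 30 min without a request
const REAUTH_WINDOW_MS = 5 * 60 * 1000;    // assumed: sensitive ops need a password check within 5 min

type Session = { userId: string; clinicId: string; lastSeen: number; lastAuth: number };
const sessions = new Map<string, Session>(); // stand-in for a server-side session store

// Session id is 256 random bits from the CSPRNG; nothing about the user is encoded in it.
function createSession(userId: string, clinicId: string, now: number): string {
  const id = randomBytes(32).toString("base64url");
  sessions.set(id, { userId, clinicId, lastSeen: now, lastAuth: now });
  return id;
}

// Set-Cookie value: HttpOnly keeps the id away from page scripts, Secure restricts it to
// HTTPS, SameSite=Lax is a baseline against cross-site request forgery, and Max-Age matches
// the server-side idle limit so the browser drops a cookie the server would reject anyway.
function sessionCookie(id: string): string {
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${IDLE_LIMIT_MS / 1000}`;
}

// Look up the session for a request. An idle session is deleted, not merely rejected,
// so a stale id can never be revived by a later request.
function touchSession(id: string, now: number): Session | null {
  const s = sessions.get(id);
  if (!s) return null;
  if (now - s.lastSeen > IDLE_LIMIT_MS) {
    sessions.delete(id);
    return null;
  }
  s.lastSeen = now;
  return s;
}

// Sensitive operations (exports, permission changes) require a recent re-authentication.
function requiresReauth(s: Session, now: number): boolean {
  return now - s.lastAuth > REAUTH_WINDOW_MS;
}

// Called after the user has re-entered their password successfully.
function recordReauth(s: Session, now: number): void {
  s.lastAuth = now;
}

// Constructed walk-through with a fixed clock (not real data).
const t0 = 1_700_000_000_000;
const sid = createSession("u-1", "clinic-A", t0);
console.log(sessionCookie(sid));
console.log(touchSession(sid, t0 + 10 * 60 * 1000) !== null);                  // live after 10 min
console.log(touchSession(sid, t0 + 10 * 60 * 1000 + IDLE_LIMIT_MS + 1) === null); // expired after idle limit
```

Note that the idle check compares against `lastSeen`, which every authenticated request refreshes, whereas `lastAuth` only moves when a password is actually re-entered; conflating the two would let a long-lived session perform sensitive actions indefinitely.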
Every significant action is logged: logins, record changes, exports, permission changes — with timestamp and user.
Patient consent forms are tracked digitally. Clinics can manage consent records per patient.
WhatsApp messages are sent over an end-to-end encrypted protocol. No patient data is included in error reports.
Compliant with India's Digital Personal Data Protection Act. Consent-based processing, data principal rights, breach notification within 72 hours.
While not yet HIPAA certified, our security controls align with HIPAA requirements. Formal certification is on our roadmap.
Billing records retained for 8 years per GST Act requirements. Medical records retained minimum 3 years per Indian Medical Council.
Digital consent tracking, purpose limitation, data minimization, and the right to withdraw consent at any time.
| Data Type | Retention Period | Regulation |
|---|---|---|
| Patient / Medical Records | Minimum 3 years | Indian Medical Council |
| Billing & GST Records | 8 years | GST Act / Income Tax Act |
| Audit Logs | 2 years | Security Best Practice |
| Session Data | 30 days | Operational |
| Appointment Reminders | 90 days | Operational |
| Account Data | Until deletion | Consent / DPDPA |
We welcome responsible security researchers. If you discover a vulnerability in Dentara, please report it to us privately. Do not publicly disclose the issue until we have had a chance to address it.
We aim to acknowledge reports within 48 hours and resolve critical issues within 7 days.