Security & trust

Your family's health data, treated like it matters.

Health data is among the most sensitive information a family owns. ANSR is built — from the first line of code — with the assumption that losing it would be a catastrophe. Here's exactly what that means.

Three promises we made before we wrote any code

What we will never do with your parent's health data.

Never 01

We will never sell it.

Not to insurers, pharma, advertisers, analytics firms, data brokers, or anyone else. Your data is not a product.

Never 02

We will never share it.

Not with any third party, ever — except the specific family members and clinicians you explicitly authorise in the app, and the cloud infrastructure needed to operate it.

Never 03

We will never train ads on it.

No behavioural ad models, no look-alike audiences, no personalisation experiments. Your parent's BP reading is not an ad signal.

How we protect it

Defence in depth. No single point of failure.

Encryption, end-to-end

Every byte your family sends us is encrypted the moment it leaves the device and stays encrypted until it's read by someone you've authorised.

  • In transit: TLS 1.2 or 1.3, modern cipher suites only
  • At rest: AES-256 on database, backups, and file storage (S3 with SSE-KMS)
  • PII fields: Phone, email, addresses encrypted with per-field keys — even our engineers can't read them in the database
  • Key management: AWS KMS with automatic rotation

HIPAA-aligned by design

ANSR is built against HIPAA Security Rule standards from day one — the same framework US hospitals use. We're also compliant with India's Digital Personal Data Protection Act 2023.

  • Full audit log of every read and write on health data
  • Least-privilege access roles — the marketing team cannot query your vitals
  • BAA-ready for partner hospitals and clinics
  • India DPDP-compliant: consent, purpose limitation, right to delete

Data residency you can verify

Your parent's data lives on AWS infrastructure in India (ap-south-1, Mumbai) by default. It does not leave the region unless you explicitly authorise cross-border sharing with a US-based doctor.

  • Production data: AWS Mumbai (ap-south-1)
  • Backups: encrypted, same region, 7-year retention
  • Transfer logs: every cross-border read is logged and visible to you

Operations & monitoring

The boring parts that actually prevent incidents. We invest in them before we invest in features.

  • 24/7 monitoring, automated anomaly detection, on-call rotation
  • Dependency scans + vulnerability patching every 7 days
  • Secrets never checked into code — AWS Secrets Manager
  • Incident response plan with 72-hour breach notification
Your rights

The data is your family's. Always.

We won't hold your data hostage

Email hello@ansrhealthai.com and we prepare a complete copy of your family's records — every check-in, vital, alert, medication log, and uploaded document — within 7 business days. Free of charge. Self-service one-tap export is on the roadmap.

Delete everything

Close your account and we remove every record from our production systems within 30 days, and from backups within 90 days. You get written confirmation.

Revoke access granularly

Your sister can read vitals but not chat history. Your doctor can see reports but not the caregiver's notes. Every role is editable by you, every change is logged.

Your parent can always say no

Any check-in prompt includes a "skip" option. Parents can pause check-ins for a day or a week with one reply. They're not being monitored — they're being supported.

Ask us anything

Have a question about how we handle your data?

Security team: hello@ansrhealthai.com · we respond within 24 hours, weekdays. For a signed DPA or BAA ahead of a hospital partnership, same inbox works.

Join the private preview