Data Protection & Security Policy

Effective Date: 01 Sep 2025
Last Updated: 01 Sep 2025

At Asklepia AI, we are committed to safeguarding the confidentiality, integrity, and availability of all data entrusted to us. This Data Protection & Security Policy explains how we secure sensitive data—particularly healthcare-related data—and ensure compliance with international standards.


1. Scope

This policy applies to all services provided by Asklepia AI, including:

  • Healthcare SaaS Platform → AI Appointment Booking, Rescheduling, and Reminder Agent integrated with WhatsApp Cloud API.


2. Data Protection Principles

We adhere to globally recognized data protection frameworks such as GDPR (EU), HIPAA (U.S., where applicable), and other relevant regulations. Our practices are guided by:

  • Lawfulness, Fairness, and Transparency → Data is collected and processed lawfully and transparently.

  • Data Minimization → We collect only the data necessary to provide our services.

  • Purpose Limitation → Data is used strictly for agreed purposes (e.g., appointment scheduling).

  • Integrity & Confidentiality → Data is protected with strong encryption and security controls.


3. Security Measures

a) Encryption

  • All sensitive communications are encrypted in transit (TLS/SSL).

  • Patient messages via WhatsApp Cloud API are secured with end-to-end encryption.

  • Stored healthcare data is encrypted at rest using industry-standard AES-256 encryption.

b) Hosting & Infrastructure Security

  • Our Healthcare SaaS is hosted on Amazon Web Services (AWS) with enterprise-grade security.

  • AWS infrastructure holds international certifications such as ISO 27001 and SOC 2, and provides HIPAA-eligible services.

  • Data is stored in secure regions, with backups and redundancy to prevent data loss.

c) Access Control

  • Strict role-based access ensures only authorized personnel and hospital/clinic staff can access relevant data.

  • Multi-factor authentication (MFA) is enforced for administrative accounts.

  • Regular audits are performed to monitor and review access logs.

d) Data Isolation

  • Healthcare SaaS patient data is stored securely and separately for each hospital/clinic to ensure confidentiality and prevent cross-access.

e) Monitoring & Incident Response

  • Continuous monitoring of servers and APIs for suspicious activity.

  • Incident response plan in place for any security breaches, with immediate notification to affected clients.


4. Compliance with Healthcare Data Regulations

While Asklepia AI does not provide medical advice, we recognize the sensitivity of healthcare-related data.

  • For clients in the United States, our SaaS platform aligns with HIPAA requirements (using HIPAA-eligible AWS services, encryption, and access controls).

  • For clients in the European Union, we comply with GDPR, including user rights for access, correction, and deletion of personal data.


5. Data Retention & Deletion

  • Healthcare SaaS Data (Patient Info): Retained for the duration of the hospital/clinic’s subscription. Data can be deleted upon request.

  • Deletion requests can be submitted via legal@asklepiaai.live and are processed within 30 days.


6. Responsibilities of Clients & Users

  • Hospitals and clinics using our SaaS must ensure their staff follow proper data handling protocols.

  • Clients are responsible for configuring their accounts securely and ensuring only authorized personnel have access.


7. Updates to this Policy

We may update this Data Protection & Security Policy as our services evolve or as laws/regulations require. Updates will be posted on this page with a revised “Last Updated” date.


8. Contact Us

For questions or concerns regarding this policy, please contact:

Asklepia AI – Data Protection Office
Email: legal@asklepiaai.live
Website: www.asklepiaai.live
