Security at JanusMed
Last updated: Jan 11 2026
At JanusMed, protecting your health data is foundational. We design our platform so that patients remain in control of their information, while authorized healthcare professionals can access what they need — securely and transparently.
This page outlines how we approach security, privacy, and responsible data handling.
Our Security Philosophy
Health data is among the most sensitive personal information that exists. From day one, JanusMed has been built on the principle that:
Security is not a feature — it is a baseline requirement.
We focus on:
- Minimizing data exposure
- Restricting access by default
- Logging and auditing every sensitive operation
- Continuously improving protections as the platform evolves
Data Protection & Encryption
We apply industry-standard protections to safeguard your data:
Encryption in transit
All traffic is encrypted using HTTPS (TLS 1.2+).
Encryption at rest
Stored data, including documents and structured health metrics, is encrypted using managed cloud encryption services.
Credential protection
Passwords and authentication secrets are never stored in plain text and are protected using modern hashing and key-management practices.
Access Control & Authorization
Access to patient data is strictly controlled:
- Patient-owned data: Patients explicitly authorize which healthcare professionals can access their information.
- Role-based access control (RBAC): Different roles (patient, physician, admin) have different access levels.
- Least-privilege principle: Users and internal services only have access to what is strictly necessary.
- Auditability: Sensitive actions (such as document access or sharing changes) are logged for traceability.
Infrastructure & Hosting
JanusMed is hosted on secure, reputable cloud infrastructure with:
- Hardened environments
- Network-level protections
- Continuous monitoring and automated alerts
- Regular security updates and patching
We rely on trusted providers that meet high availability and security standards.
Continuous Security Monitoring
To maintain a strong security posture, we use:
- Automated vulnerability scans using Static Application Security Testing (SAST)
- Automated monitoring and alerting for dependencies and packages
- Secure configuration baselines (HTTP headers, TLS policies)
- Periodic internal security reviews
Identified issues are prioritized and remediated promptly.
Responsible Disclosure
We welcome help from the security community.
If you believe you have found a security vulnerability in JanusMed, please report it responsibly:
Please include:
- A description of the issue
- Steps to reproduce, if applicable
- Any supporting screenshots or logs
We commit to reviewing all reports and addressing valid issues as quickly as possible.
Compliance & Regulatory Approach
JanusMed is designed with privacy and healthcare regulations in mind, including principles from:
- GDPR / LGPD
- HIPAA-aligned best practices (where applicable)
Inherited Compliance from Google Cloud
JanusMed is hosted on Google Cloud, in a region in the USA. As such, the following certifications and attestations are inherited from our infrastructure provider:
- ISO/IEC 27001 (Information Security Management). What JanusMed inherits: Google's physical security, personnel screening, and network redundancy.
- SOC 1, SOC 2, and SOC 3 (Service Organization Controls). What JanusMed inherits: Independent assurance that Google's financial (SOC 1) and security/privacy (SOC 2) controls are effective.
- ISO/IEC 27017 & 27018 (Cloud Security & Cloud Privacy). What JanusMed inherits: Assurance that Google protects PII (Personally Identifiable Information) in the cloud.
- HIPAA (Healthcare, USA). What JanusMed inherits: Google may sign a Business Associate Agreement (BAA) with us if necessary in the future. This would enable us to store PHI (Protected Health Information) on compliant services (like BigQuery, Cloud Storage, Compute Engine).
As an early-stage product, JanusMed is in an ongoing process of expanding formal compliance certifications as the platform matures and adoption grows.
What We Do Not Do
- We do not sell patient data
- We do not share health information without explicit patient authorization
- We do not grant access to third parties for advertising or profiling
- We do not employ or use any subprocessors or contractors for developing software or handling data
Your data exists to support your health — nothing else.
Transparency & Updates
Security is an evolving effort. We regularly improve our controls, policies, and infrastructure as the platform grows.
Material changes to our security practices will be reflected on this page.
Questions?
If you have questions about security, privacy, or data protection, contact us at:
JanusMed — built for continuity of care, designed for trust.