Data Protection Policy

1. Introduction

At Echich, we prioritize the security and confidentiality of all user data. This policy outlines our security measures, data encryption practices, and compliance with regulations to protect your information.

2. Security Measures

• • 24/7 monitoring of our infrastructure for threats
• • Multi-factor authentication for all administrative access
• • Regular security audits and penetration testing
• • Data anonymization for research and analytics
• • Role-based access controls (RBAC) for staff

3. Data Encryption

• • Transport encryption using TLS 1.3 for all data in transit
• • AES-256 encryption for data stored in our databases
• • Secure key management via AWS Key Management Service
• • End-to-end protection for sensitive medical information

4. Regulatory Compliance

• • Full compliance with GDPR and HIPAA regulations
• • Annual SOC 2 Type II audit certification
• • ISO/IEC 27001 certified information security management
• • Data processing agreements with all third-party vendors

5. Your Rights

• • Request access to your stored data at Privacy Policy
• • Correct or delete personal information
• • Withdraw consent for data processing
• • File complaints to data protection authorities

6. Cookies Policy

• • Only strictly necessary cookies are used by default
• • Analytics cookies require opt-in consent
• • All cookies have 14-day expiration by default
• • Cookie preferences can be managed in your account settings