01
Multi-tenant row-level isolation
Every clinic's data is separated at the row level on every entity. Hard separation, even from us-managed dashboards. No cross-tenant queries are even possible.
Security & data ownership
Your data is yours. We just make it useful.
Multi-tenant isolation, immutable reports, doctor-signed PDFs, role-based access, and bulk export are core product promises — not enterprise-only afterthoughts.
The honest version
HIPAA-oriented
In-progress posture; technical controls aligned. Not yet audited.
SOC 2
Readiness work scheduled for post-launch.
DPDP Act (India)
Aligned by design — consent, data residency, breach notification flows in place.
ISO 27001
On the post-launch roadmap.
Six security pillars
Built into the architecture, not bolted on.
Each of these is a product-level guarantee — same on every plan, including founding-clinic pricing.
02
Health data preserved — both sides
Clinics keep operational records forever. Client companies keep a read-only history of every checkup ever done for their workforce. Both sides own their data.
03
Immutable finalized reports
Once a report is finalized, the form values, layout, signature, and PDF are frozen. Edits create new versions — never silent overwrites.
04
Doctor-signed PDFs
Embedded digital signatures with signing identity, license number, and timestamp. Defensible in disputes, reproducible forever.
05
Role-based access
Tenant admin, ops manager, doctor, staff, and client company — each see only what they should. Fine-grained, configurable per role.
06
Bulk export, no lock-in
Excel export on every entity, anytime. Your data is yours, in the format every accountant, HR head, and consultant already uses.
Compliance posture
Honest about what's done and what's in progress.
We don't claim certifications we don't hold. Here's what's live in the product today.
01
HIPAA-oriented posture
Architecture and access controls modeled on HIPAA technical safeguards. We're transparent: we say 'oriented,' not 'certified,' until we are.
02
Indian data protection aligned
DPDP Act-aligned consent and data residency design. Indian-tenant data hosted in Indian regions by default.
03
Form 5 / 31 / 35 ready
Indian Factories Act fitness certificates supported out of the box, with your branding and signature blocks pre-wired.
04
Secure file handling
Signed URLs and protected downloads for PHI-sensitive files. Files never expose direct storage paths.
05
Audit log on every action
Every form edit, file upload, sign-off, PDF download, and invoice action recorded with actor, timestamp, and reason where applicable.
06
Backups + reproducibility
Daily backups with encryption at rest. Any finalized report can be re-rendered from its frozen snapshot — exact same PDF, every time.
Our data ownership stance
If you ever leave us, you take everything with you.
No vendor lock-in. No proprietary export formats. No 'request your data and wait two weeks.' Bulk Excel export on every entity — checkups, employees, reports, invoices, audit logs — anytime, today.
Ready when you are
Your next camp doesn’t have to run on spreadsheets.
Get early access to OHC and lock in founding-clinic pricing from ₹2,999/month, or talk to us if you need a customised healthcare platform for your group.