Data Protection & Compliance
StrIQ is built to the highest standards of patient data privacy, operating under India's DPDP Act 2023, the US HIPAA framework, and GDPR data minimization principles.
Framework alignment
DPDP Act 2023
India
- Data Processor role
- Explicit consent & ledger
- Data residency
- Right to erasure
- DPO oversight
HIPAA
United States
- Business Associate
- PHI safeguards
- Audit logs
- RBAC access
- Breach notification
GDPR Principles
Global standard
- Data minimization
- AES-256 encryption
- TLS 1.3 security
- Lawful basis
Technical safeguards
Encryption
At rest and in transit: data is secured using AES-256 at rest and TLS 1.3 in transit.
Irreversible de-ID
Strict PII masking ensures patient identity is protected in all non-clinical data views.
Immutable audit logs
The HIPAAAuditLog module provides a Write Once / Read Many (WORM) trail with HMAC-SHA256 signing, capturing actor, timestamp, and source IP.
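The following is an added illustration of how a WORM-style, HMAC-SHA256-signed audit trail of this kind can be built and verified; it is not the HIPAAAuditLog module's code and makes no claim about its internals. The key, actor names, IP addresses and timestamps are constructed sample values. Each record carries the previous record's MAC, so editing, re-ordering or deleting an entry in the middle of the trail breaks verification.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Constructed demo key. In a real deployment the signing key lives in a KMS/HSM
# and is not readable by the process that writes the log, so a compromised
# writer cannot forge or re-sign records.
DEMO_KEY = b"constructed-demo-key-not-for-production"

GENESIS_MAC = "0" * 64  # chain anchor for the first record


def canonical(body: Dict) -> bytes:
    """Deterministic JSON so the MAC is computed over a stable byte string."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def compute_mac(key: bytes, body: Dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class HmacChainedLog:
    """Append-only audit log: each record's HMAC covers the record fields
    (actor, action, source IP, timestamp, sequence number) *and* the MAC of
    the previous record, forming a tamper-evident chain."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._records: List[Dict] = []

    def append(self, actor: str, action: str, source_ip: str, timestamp: str) -> Dict:
        prev_mac = self._records[-1]["mac"] if self._records else GENESIS_MAC
        body = {
            "seq": len(self._records),
            "actor": actor,
            "action": action,
            "source_ip": source_ip,
            "timestamp": timestamp,
            "prev_mac": prev_mac,
        }
        record = {**body, "mac": compute_mac(self._key, body)}
        self._records.append(record)
        return record

    def records(self) -> List[Dict]:
        # Hand out copies: callers (and readers of the log) cannot mutate it in place.
        return [dict(r) for r in self._records]


def verify_chain(records: List[Dict], key: bytes) -> Tuple[bool, Optional[int]]:
    """Recompute every MAC and check the chain links.

    Returns (True, None) if the trail is intact, otherwise (False, seq) where
    seq is the position of the first record that fails verification.
    """
    prev_mac = GENESIS_MAC
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "mac"}
        # A gap, reordering or mid-trail deletion shows up as a seq/prev_mac mismatch.
        if body.get("seq") != i or body.get("prev_mac") != prev_mac:
            return False, i
        # An edited field (or a record signed under a different key) shows up here.
        if not hmac.compare_digest(compute_mac(key, body), rec.get("mac", "")):
            return False, i
        prev_mac = rec["mac"]
    return True, None


if __name__ == "__main__":
    log = HmacChainedLog(DEMO_KEY)
    log.append("dr.sharma", "view_report", "10.0.0.12", "2024-01-01T10:00:00Z")
    log.append("dr.sharma", "export_report", "10.0.0.12", "2024-01-01T10:05:00Z")
    log.append("admin", "delete_patient", "10.0.0.99", "2024-01-01T11:00:00Z")

    print("intact:", verify_chain(log.records(), DEMO_KEY))

    edited = log.records()
    edited[1]["actor"] = "someone_else"          # rewrite history on record 1
    print("edited record:", verify_chain(edited, DEMO_KEY))

    deleted = [r for r in log.records() if r["seq"] != 1]  # drop record 1
    print("deleted record:", verify_chain(deleted, DEMO_KEY))
```

One caveat the chain alone does not cover: silently truncating the *tail* of the log (dropping the newest records) still verifies, because nothing after them references their MAC. A WORM trail therefore also needs the latest MAC or record count anchored somewhere the writer cannot reach, such as a separate append-only store or a periodically published checkpoint, and the verifier compares against that anchor.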
Identity & access
IAM controls with strict RBAC enforcement. We use OTP / passwordless authentication, UUID identifiers, and Zero Trust consent protocols.
Data sovereignty
India-first residency
We enforce local cloud hosting to ensure complete Government of India (GoI) DPDP Act compliance.
Adequacy safeguards
Strict cross-border controls and data transfer mechanisms are in place to prevent unauthorized offshore processing.
Compliance matrix
Your data rights
Right to erasure
Request data deletion; core records retained for 3 years per clinical law.
Data portability
Export your full diagnostic history in a machine-readable format.
Consent revocation
Withdraw consent at any time; processing stops immediately.
Breach notification
Immediate alert to your Data Fiduciary if a breach is suspected.