Data Protection Statement

Swizton Medtech follows data protection principles consistent with HIPAA (USA), GDPR (EU), and the Digital Personal Data Protection Act (India).

1. Lawful, Fair & Transparent Processing

Data is processed solely for legitimate health-related purposes.

2. Purpose Limitation

Data is used only for:

• Risk scoring
• Reporting
• Research (anonymized)
• Platform improvement

3. Data Minimization

Only necessary data is collected.

4. Accuracy

Users are responsible for providing accurate information. Third-party reports are used as provided.

5. Storage Limitation

Data is retained only as long as necessary for legal and operational needs.

6. Integrity & Confidentiality

We implement:

• Encryption
• Secure APIs
• Access control
• Audit trails

7. HIPAA Compliance Elements

The following safeguards apply:

• Administrative: Access logs, confidentiality agreements
• Technical: Encryption in transit and at rest
• Physical: Restricted access to servers

8. Data Breach Protocol

In the event of a breach:

• Affected users will be notified
• Relevant authorities will be informed
• Remedial action will be taken immediately

9. Cross-Border Data Transfer

If data is transferred outside India, it will be protected using:

• Encrypted transmission
• Standard contractual clauses (GDPR equivalent)