Security at MediWing

Core Controls

• Encryption in transit (HTTPS/TLS) and at rest for stored data.
• Account-based access control, authenticated APIs, and database row-level security.
• Signed URL access for private documents with expiration.
• Rate limiting on critical endpoints (authentication, upload, analysis).
• Webhook signature verification for payment events.

Operational Safeguards

• Secrets are stored in environment configuration and never exposed client-side.
• Debug endpoints are restricted and disabled in production.
• Error reporting is configured to reduce sensitive data capture.
• Access and security issues are reviewed and remediated continuously.

Transparency

MediWing is an educational platform and is not a HIPAA-covered entity. Data may be processed by essential service providers (for example AI and payment processors) as described in our Privacy Policy.

For privacy or security requests, contact us at privacy@medimindlab.com.