Security Transparency

Security at MediWing

We design for defense-in-depth. This page summarizes our current security controls and transparency commitments.

Layer 1

Core Controls

Encryption in transit (HTTPS/TLS) and at rest for stored data.
Account-based access control, authenticated APIs, and database row-level security.
Signed URL access for private documents with expiration.
Rate limiting on critical endpoints (authentication, upload, analysis).
Webhook signature verification for payment events.

Layer 2

Operational Safeguards

Secrets are stored in environment configuration and never exposed client-side.
Debug endpoints are restricted and disabled in production.
Error reporting is configured to reduce sensitive data capture.
Access and security issues are reviewed and remediated continuously.

Commitment

Transparency

MediWing is an educational platform and is not a HIPAA-covered entity. Data may be processed by essential service providers (for example AI and payment processors) as described in our Privacy Policy.

For privacy or security requests, contact us at privacy@medimindlab.com.

Not a medical provider. MediWing provides educational health document analysis and is not a HIPAA-covered entity. Do not use MediWing as a substitute for professional medical advice, diagnosis, or treatment.