Trust & safety

Health data is the most personal data there is.

A platform that holds your whole health context has to earn that. Here is the standard we hold ourselves to — across jurisdictions, across modules, and across the life of your record.

3 jurisdictions · in-region storage · 72h breach notification · 0 data-resale

The four pillars

What we commit to, in plain language.

Encrypted end to end

Your health context is encrypted in transit (TLS 1.3) and at rest (AES-256). Field-level encryption on the most sensitive entries. Keys rotated on a schedule that even our own engineers cannot circumvent.

A clinician in the loop

AI triages and navigates. Licensed clinicians make the medical decisions — every prescription, every referral, every diagnosis with clinical implication. The AI is decision-support, never the decision.

Your data, your control

Export your full record at any time. Delete it entirely whenever you choose — and "delete" means deleted, not soft-flagged. Per-module consent, per-claim consent, opt-in (not opt-out) on any model training.

Privacy by design

Built to GDPR + DPDP principles from line one. Data minimised by default — we collect what the platform needs to work, and not the long tail of what would be commercially useful to hoard.

Regulatory standing

The frameworks we build to.

We will not list a regulation we are not actually building toward. Honest status, not aspirational logos.

The data lifecycle

From the moment we collect it to the moment we delete it.

  1. Collected

    Only what the platform genuinely needs — the symptom, the consent, the consultation outcome. Not the long tail.

  2. Stored

    In-region for your jurisdiction. India in India. UK in the UK. EU in the EU. No cross-border replication without explicit consent.

  3. Accessed

    You + the clinicians you actively consult. Every access is logged. You can see who has read what, and when.

  4. Shared

    Per-claim, per-module consent. Sharing is granular: a pharmacy sees the prescription, not the therapy notes.

  5. Deleted

    On request, fully — including backups, within the retention window required by law. We will tell you exactly what remains and why.

If something goes wrong

What we promise when an incident happens.

Within 24 hours

Internal incident declared. Affected scope mapped. Containment underway.

Within 72 hours

Affected users notified directly, regardless of jurisdictional minimums. Regulators notified per local law.

Within 30 days

Full post-mortem published — root cause, blast radius, what changed, what we owe.

Security disclosures: orenva.health@gmail.com with the subject prefix "Security disclosure".

Frequently asked

About trust & safety.

Who owns my health data?

You do. Always. Orenva is a custodian — we hold and process your data on your behalf, under explicit consent. You can export everything in machine-readable format, or delete the lot.

Is my therapy data shared with my GP?

Only if you explicitly consent. Therapy has the strictest privacy boundary in the platform — it can be entirely private to the module, with nothing crossing into the rest of your context.

Will my data be used to train AI models?

Only if you opt in, granularly. Opt-in (not opt-out), with clear language about what is used for what. You can revoke at any time, and we will not train new models on revoked data.

What happens if there is a breach?

We notify you within 72 hours of confirmation, regardless of jurisdictional minimums. We publish a full post-mortem within 30 days. The standard is the higher of regulatory minimum and our public commitment.

Where is my data hosted?

In-region. India users → Mumbai region. UK users → London region. EU users → Frankfurt region. Encrypted backups are also in-region.

Can you read my record?

Only on a permitted-purpose basis — supporting an active issue, debugging a verified incident, or fulfilling a legal obligation. Every internal access is logged and reviewable. We do not browse records.

Have a security or privacy question?

Write directly. Founders read every email — security and privacy disclosures get priority routing.
