Skip to content Need urgent help?

Your Data Fortress

Your health data is the most personal data that exists. We protect it with strong, modern security practices and a privacy-first design.

Security-first by design
AES-256 At-Rest Encryption
TLS 1.3 In-Transit Encryption
E2E End-to-End Design
24/7 Monitoring

How Your Data is Protected

Every piece of data you share with SHELY passes through multiple layers of encryption and security controls.

Your Device
TLS 1.3 Tunnel
AES-256 Storage
Encrypted Backup

Standards We Align With

Our security and privacy program is built around the standards and regulations that matter most for healthcare data. Formal certifications are pursued as the platform matures.

DPDP
Aligned with India's DPDP Act
DISHA
Aligned with DISHA health-data principles
HIPAA
Designed around HIPAA privacy principles
GDPR
Built to GDPR data-protection standards
SOC 2
SOC 2 controls — on our roadmap
E2EE
End-to-end encryption by design

SHELY is a growing platform. The frameworks above guide how we design and operate our systems today; independent audits and formal certifications (such as SOC 2 Type II and ISO 27001) are part of our compliance roadmap, not yet completed.

Your Data Rights

You own your data. These rights are always active and can be exercised at any time through your Privacy Portal.

Active

Download Your Data

Export a complete copy of all your personal and health data in standard formats.

Active

Delete Your Data

Permanently remove all your data from our systems within 48 hours.

Active

Control Sharing

Manage exactly who can access your data and for what purpose.

Active

Stay Anonymous

Use health calculators without an account. No data stored.

Our Security Program

These are the practices our security program is built on to protect your data at every level.

Continuous

Real-Time Monitoring

Continuous threat detection and anomaly monitoring across our systems, with automated alerting.

Ongoing

Vulnerability Scanning

Automated scanning of our infrastructure, dependencies, and application code for known vulnerabilities.

Planned

Penetration Testing

We plan to engage independent security firms to conduct penetration tests of our systems and applications as we scale.

Roadmap

Independent Audits

As the platform matures, we intend to pursue independent third-party audits and formal certifications such as SOC 2 Type II and ISO 27001.

As Needed

Incident Response

A documented incident response plan with prompt user notification in the event of a security incident.

Found a Vulnerability?

We take security reports seriously. If you have discovered a vulnerability, please report it responsibly and we will work with you to resolve it.

PGP key available upon request for encrypted reports