Security, by design

Nyelux is built for the expectations of healthcare organizations. Encryption everywhere, zero trust access, and a platform that avoids the PHI risk surface entirely.

How we protect your account

End-to-end encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Sensitive information is protected across every layer of the stack.

Access control

Role-based access control with multi-factor authentication. Granular permissions ensure users only see what they need to see.

Data isolation

Each organization's data is logically separated with strict isolation. Your data never mingles with other organizations.

Continuous monitoring

Real-time threat detection, anomaly alerts, and a dedicated security response team with defined response-time commitments.

HIPAA-aligned controls

Administrative, physical, and technical safeguards aligned with HIPAA requirements. Nyelux does not collect or store patient health information.

Due diligence support

Security documentation, SOC 2 controls, and Business Associate Agreements available to healthcare organizations running vendor reviews.

Our commitments

Never sell, rent, or trade your data
No patient health information (PHI) stored on the platform
Annual third-party penetration testing
Incident notification within the timelines required by regulation
Customer ownership and export of their own data

Security documentation on request

We provide security documentation, SOC 2 reports, and BAAs to healthcare organizations evaluating Nyelux. For the full technical view, see our data security page.

Request documentation Detailed data security HIPAA compliance