Security at KAYMO
Your medical data is sensitive. Here is how we protect it.
Built for Trust
Security isn't an afterthought at KAYMO—it's foundational. From the moment you upload a scan to when you share it with your doctor, your data is protected at every step.
End-to-End Encryption
Your scans are encrypted using AES-256 before leaving your device. Data remains encrypted in transit (TLS 1.3) and at rest. Only you hold the keys.
Secure Infrastructure
Hosted on SOC 2 Type II certified cloud infrastructure with automatic failover, regular backups, and geographic redundancy. Your data is always available when you need it.
Zero Third-Party Access
We never sell, share, or provide your health data to advertisers, data brokers, or any third party. Your scans are yours alone.
Access Controls
Multi-factor authentication, session management, and granular sharing permissions. You decide exactly who can view your scans and for how long.
Audit Logging
Every access to your data is logged. You can see exactly when and how your scans were viewed, giving you complete visibility into your data's history.
Employee Access
KAYMO employees cannot access your scan data. Our systems are designed with privacy by default—even our support team works without seeing your images.
How We Handle Your Data
Upload & Processing
When you upload a DICOM file, it's encrypted on your device before transmission. Our servers process the encrypted data to generate your 3D visualization, then delete the processing artifacts. Your original scan is stored encrypted and accessible only with your credentials.
Storage & Retention
Your scans are stored in encrypted form on secure cloud infrastructure. You control retention—delete any scan at any time and it's permanently removed from our systems within 30 days. We don't keep shadow copies.
Sharing
When you share a scan with a doctor or family member, you create a time-limited, revocable link. Recipients can view but not download or re-share. You can revoke access instantly at any time.
AI Processing
Our AI features run on isolated, secure infrastructure. Questions you ask about your scans are processed in real time and are not stored. We do not use your personal health data to train AI models without explicit consent.
Compliance & Standards
HIPAA Alignment
While KAYMO is a consumer wellness tool (not a covered entity), we follow HIPAA security standards as our baseline. This includes encryption requirements, access controls, and audit logging.
GDPR Compliant
Full compliance with European data protection regulations. You have the right to access, correct, delete, and port your data at any time. Data processing is transparent and consent-based.
SOC 2 Infrastructure
Our cloud infrastructure providers maintain SOC 2 Type II certification, ensuring ongoing security controls are independently audited and verified.
Regular Audits
We conduct regular security assessments, penetration testing, and code reviews. Vulnerabilities are addressed promptly and transparently.
Important: KAYMO is Not a Medical Device
KAYMO is an educational and wellness tool designed to help you explore and understand your anatomy. It is not intended to diagnose, treat, or replace professional medical advice.
Always consult qualified healthcare providers for medical decisions. The visualizations and AI explanations are for educational purposes only.
Security Questions?
Have a security question or want to report a concern? Reach out to our security team.
