Foveal.

Security & trust, in plain language.

What we do, what we deliberately don't claim, and how to check us.

Where your data lives

All clinic and patient data is stored in a professional data centre in Mumbai, India (AWS ap-south-1, operated via Supabase). It is not replicated outside India. Connections are encrypted with TLS; storage is encrypted at rest.

Who can see it

Only your clinic's staff, signed in with their own accounts. Isolation between clinics is enforced inside the database engine itself (row-level security), not just in the application — a bug in a screen cannot leak another clinic's records. Foveal's own platform administrators are structurally excluded from reading patient data: the database policies deny it, and our automated test suite proves that denial on every code change.

DPDP, by design

What we don't claim: there is no such thing as a "DPDP certificate", so we won't wave one at you. We build to the Act's obligations and put the mechanisms above in writing instead.

ABDM / ABHA

ABHA integration is on our roadmap — planned, not yet certified. When Foveal completes ABDM integration it will be announced here; until then we won't call ourselves ABHA-compliant, and we'd encourage you to ask any vendor who does for their certification details.

Backups & the boring discipline

Your notes are sacred

A design rule enforced across the product: nothing you typed is ever silently overwritten. Templates and "mark normal" fill only blank fields. Drafts autosave locally and survive power cuts, and local drafts are wiped when you sign out.

Honest limits

Ask us anything at a demo