Your trust is non-negotiable
Healthcare and financial data demand the highest standards. MixCare is built with security, privacy, and compliance at its core — verified by independent auditors and aligned with the regulatory frameworks listed below for the Asia-Pacific markets we serve, together with the EU GDPR.
Certifications & compliance
Our certifications are independently audited, and our regulatory alignments are assessed against the published guidelines of each regulator. We share audit reports with enterprise clients and regulated institutions on request.
ISO 27001
Certified information security management.
Comprehensive framework for managing information security risks.
GDPR Compliant
Full EU General Data Protection Regulation compliance.
Data minimisation, purpose limitation, and subject rights fully implemented.
PDPO (HK)
Personal Data Privacy Ordinance — Hong Kong.
Aligned with all six Data Protection Principles (Schedule 1, Cap. 486).
MAS TRM
Monetary Authority of Singapore Technology Risk Management.
Compliant with MAS TRM guidelines for financial institutions.
HKMA Aligned
Hong Kong Monetary Authority guidelines.
Meets HKMA's cybersecurity and data governance expectations.
Security architecture
Eight layers of protection, independently verified, continuously monitored.
Encryption at Rest and in Transit
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys are generated and stored in hardware security modules (HSMs) and never leave them in plaintext.
Zero-Trust Architecture
Every access request is authenticated and authorised on its own merits — no implicit trust is granted on the basis of network location or a previous request. Multi-factor authentication is enforced for all admin accounts.
Regional Data Residency
Your data stays in your region. HK data on HK servers, SG data on SG servers. No cross-border transfers without explicit consent.
Access Controls
Role-based access control (RBAC) following the principle of least privilege. All privileged access is logged and monitored, and privileged roles are reviewed quarterly.
24/7 Security Monitoring
Our security operations centre monitors systems around the clock. Automated threat detection, with an incident response SLA of under 15 minutes.
Penetration Testing
Annual penetration tests by independent third parties. Vulnerability disclosure programme open to the security research community.
99.9% Uptime SLA
Multi-region redundancy with automatic failover. Our infrastructure is designed so that the failure of any single component does not take the service down.
Audit Trails
Every claim, transaction, access event, and configuration change is written to an immutable, append-only log that is available to your compliance team.
Data privacy principles
Data Minimisation
We only collect data that is strictly necessary for the services you've subscribed to. No secondary use without explicit consent.
Purpose Limitation
Your data is used only for the purpose for which it was collected. Claims data for claims. Analytics data for analytics. Never mixed.
Storage Limitation
Data is retained only for as long as legally required or contractually agreed. Automated deletion schedules enforced across all environments.
Data Subject Rights
Employees and policyholders have full rights to access, correct, port, and delete their personal data. Requests processed within 30 days.
Cross-Border Transfers
No data crosses regional boundaries without legal basis, your explicit agreement, and appropriate transfer mechanisms in place.
Trusted by regulated institutions across Asia-Pacific
Enterprise clients can request our full security documentation and questionnaire at security@mixcarehealth.com
Questions about security or compliance?
Our security and compliance team is available for regulated institutions, enterprise buyers, and due diligence reviews.