Health data deserves real protection.
How Salutho protects patient data, complies with Brazil's LGPD (General Data Protection Law) and applies security best practices from day one.
Our security pillars
Servers in Brazil
Data stored in Brazilian national territory. No cross-border transfer as a rule, reducing regulatory risk and increasing control.
End-to-end encryption
Communication protected by TLS. Storage with encryption at rest. Health data treated as sensitive personal data per LGPD Art. 5, II.
High availability and backups
Redundant environment, automatic backups and recovery procedures. Because patient records cannot simply "go down".
Granular permissions
You define who sees what: physician, front desk, admin, supervisor, manager. Each profile sees only what it needs. Everything is logged in an audit trail.
Audit trail
Changes to records are tracked, enabling audits and bringing more transparency and compliance to the operation.
Privacy & Security by Design
We apply Privacy & Security by Design best practices from system conception through process management, with independent security audits.
LGPD in practice
Brazil's General Data Protection Law (LGPD, Law 13,709/2018) governs how personal data is processed. Here is how Salutho and your clinic share responsibilities.
Data Controller (your clinic): decides what data to collect, for what purpose, and ensures the legal basis (typically: performance of a healthcare services contract and compliance with a legal obligation, LGPD Art. 7, V and II).
Data Processor (Salutho): processes data on behalf of the clinic, following its instructions and the contract terms. We do not use your clinic's data for unauthorized commercial purposes.
Data Subject Rights (LGPD Art. 18)
Patients whose data is in our platform, and clinic employees, may exercise the rights provided for in LGPD Art. 18, including: access, correction, deletion, portability, and withdrawal of consent.
To exercise rights, contact: [email protected] or the contact form on the Contact page.
What we do if something happens
Detection
Platform monitoring and internal processes to detect and contain security incidents as quickly as possible.
Notification
In the event of a significant incident, we notify the affected clinics and, when applicable, the ANPD (Brazilian National Data Protection Authority), as required by LGPD.
Recovery
Automated backups and recovery procedures. Patient records, scheduling and history remain accessible even in failure scenarios.
Frequently asked questions
Where is the data stored?
Data is stored on servers in Brazil, with encryption in transit and at rest, high availability and redundant backup. The infrastructure uses cloud providers with data centers in Brazilian territory.
Does Salutho use patient data for other purposes?
No. We are processors: we handle data on behalf of your clinic (the controller), following its instructions. We do not use patient data for unauthorized commercial purposes, nor do we sell it.
What happens to my data if I cancel?
Upon termination, we provide a structured data export and delete our copies after the contractual period, respecting the legal EHR retention requirements.
How is AI transcription data handled?
Transcription and summary are processed exclusively to generate the output requested by the clinic. The data is not used to train AI models open to the public. The physician reviews and validates the content before it is consolidated in the EHR.
Questions about LGPD or security?
Talk to our DPO or book a conversation with a consultant.