Security

All data transmitted between your device and Medizen Institute's servers is encrypted using TLS 1.3 (Transport Layer Security), the gold standard for internet security.

Sensitive data at rest, including personal information and payment records, is encrypted using AES-256 encryption — the same standard used by financial institutions and government agencies.

Your passwords are hashed and salted using bcrypt before storage, meaning even our internal team cannot view your plain-text password.

Our platform is hosted on enterprise-grade cloud infrastructure with multiple redundancy layers, ensuring 99.9% uptime and resilience against outages.

We maintain isolated environments for production, staging, and development. Student data is never accessible in non-production environments.

Regular automated and manual penetration testing is conducted on our systems to proactively identify and remediate vulnerabilities before they can be exploited.

Access to student data is strictly role-based. Only authorised personnel with a legitimate business need can access personal information, and all access is logged and audited.

Our administrative systems are protected by multi-factor authentication (MFA) and VPN access requirements for remote connections.

We follow the principle of least privilege — employees are granted only the minimum access rights necessary to perform their job functions.

We employ real-time security monitoring and intrusion detection systems (IDS) that alert our security team to suspicious activities 24/7.

All system access and user activity logs are retained for 90 days and reviewed regularly for anomalous behaviour patterns.

Our DDoS mitigation system automatically detects and filters malicious traffic, ensuring the learning platform remains accessible to genuine students.

In the event of a security incident, Medizen Institute has a documented Incident Response Plan. Affected students will be notified within 72 hours of a confirmed breach.

Our security team is trained to classify, contain, and remediate incidents swiftly, minimising potential impact on student data and platform availability.

Post-incident, we conduct a thorough root cause analysis and implement preventive measures to avoid recurrence.

All payments are processed through PCI-DSS Level 1 certified payment gateways. Medizen Institute does not store any credit or debit card information on its servers.

We integrate with trusted payment processors including Razorpay and other RBI-authorised payment aggregators who meet the highest standards of financial data security.

Transaction records are maintained securely for accounting and audit purposes and are never shared with unauthorised parties.

Use a strong, unique password for your Medizen Institute account. We recommend using a password manager and enabling two-factor authentication where available.

Never share your login credentials with others. If you suspect your account has been compromised, contact us immediately at medizeninstitutevigilance@gmail.com or WhatsApp +91 81170 91792.

Be cautious of phishing attempts. Medizen Institute will never ask for your password via email, WhatsApp, or phone calls.

We take security vulnerabilities seriously. If you discover a potential security issue on our platform, please report it responsibly to medizeninstitutevigilance@gmail.com.

We have a responsible disclosure policy and commit to acknowledging reports within 48 hours and providing regular updates on our investigation.

We deeply appreciate the security community's efforts in helping us keep our students safe. Valid, responsible disclosures are recognised and appreciated.