Enterprise radiology operations, isolated and auditable.
Unify multi-site imaging, remote reporting and billing on one platform with organization-level data isolation, encryption and audited access your security and compliance teams can sign off on.
Frequently asked questions
Is tenant isolation a configuration setting or an enforced gate?
An enforced gate. Every tenant-scoped table carries row-level security in FORCE mode, which applies to the application's own database account too — so isolation does not depend on remembering a WHERE clause, and it cannot be switched off per environment without a migration.
Can we prove who accessed, edited, signed or exported a report?
Yes. Sensitive actions are written to an append-only, hash-chained audit log with full version history. The database physically rejects updates and deletes on it, so the trail is tamper-evident rather than merely tamper-discouraged.
Is every endpoint authenticated, or only the UI?
Every non-public endpoint validates a Keycloak-issued JWT server-side. The interface is not the control — an unauthenticated request to a data endpoint is refused whether it comes from the app, a script, or curl.
Who signs the report — can AI ever sign it?
Never. AI output is always a draft; only a registered radiologist can finalise, and a finalised report is terminal and locked. That boundary is enforced in the report state machine, not by a UI convention.
Where is patient data processed and stored?
In India, on AWS Mumbai (ap-south-1). The platform is built DPDP-ready by design, and the imaging store is never exposed publicly — image access goes through the authenticated gateway.