Trust Center · 174+ Countries

Healthcare data, handled to a defensible global standard.

Name: MOVO-X Self Check-In Kiosk
Brand: MOVO-X
Price: 2499 USD
Availability: InStock

MOVO-X is in production with real patient records today. The same security, compliance, and privacy posture protects every clinic — from a 50-year practice in Pasir Gudang to a hospital chain in Berlin to an aesthetic group in São Paulo. This page is the source of truth for how we handle your data, who has access, where it lives, and what we commit to.

Three pillars

Security

Defence in depth — at every layer

Encryption at rest and in transit, row-level security on every table, JOSE-verified JWTs, httpOnly + sameSite cookies, full audit logging on every mutation. Architecture aligned to ISO 27001 and SOC 2 Type II principles.

✓AES-256 at rest, TLS 1.3 in transit
✓Postgres Row-Level Security on patient data
✓Immutable per-action audit log, retained for regulator inspection
✓Per-clinic role-based access controls (RBAC)
✓Magic-link staff invite, session management, password policy

Read the security page →

Compliance

Engineered for every market

MOVO-X meets healthcare data-protection requirements in 174+ countries — from EU GDPR to US HIPAA, Brazil's LGPD, South Africa's POPIA, China's PIPL, and 170+ regional regimes. Detailed compliance matrix and per-country mapping available.

✓EU GDPR + UK GDPR + Data Protection Act 2018
✓HIPAA-aligned controls for US healthcare deployments
✓PDPA (Singapore, Malaysia, Thailand), UU PDP (Indonesia)
✓LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa)
✓PIPL (China), APPI (Japan), KVKK (Turkey), DPDP (India)

Read the compliance page →

Privacy

Patient privacy, by design

Patient data is the patient's. We collect only what the clinic needs to operate, store it in the clinic's designated region, and provide self-service export and deletion paths. Clinics own the data; MOVO-X is the processor.

✓Patient-data minimization — collect only what is needed
✓Per-clinic data residency (region-locked storage)
✓Right to access, export, rectification, erasure
✓Clinic = controller, MOVO-X = processor (DPA on file)
✓No patient data used for training third-party models

Read the privacy page →

Our commitments to you

▸

Zero downtime to date. Live in production at Klinik Muhibbah since early 2026 — 27,521 patient records, no service interruptions.

▸

Multi-region edge. Vercel Fluid Compute + Cloudflare CDN. Region-locked patient data; globally-cached static surface.

▸

Incident response. Documented runbook. CTO on direct WhatsApp. Customer notification within hours of confirmed incident.

▸

No silent vendor changes. Sub-processor list maintained on this page. Changes notified to customers in writing before activation.

▸

Yearly architecture review. Annual third-party penetration test and architecture audit. Findings shared with enterprise customers under NDA.

▸

Defensible disclosure. Responsible-disclosure security@movo-x.com (PGP key on request). 90-day patch SLA for critical issues.

Sub-processors

MOVO-X uses a small, deliberately-chosen set of sub-processors. This list is current as of 3 May 2026. Changes are notified to customers in writing before activation.

Sub-processor	Purpose	Region	Compliance
Vercel	Application hosting, edge compute	Multi-region (customer-configurable)	SOC 2 Type II, ISO 27001
Supabase	Postgres database, authentication	Singapore (default) · region-configurable	SOC 2 Type II, HIPAA-eligible
Cloudflare	CDN, DDoS protection, image optimization	Global edge	SOC 2 Type II, ISO 27001
Meta WhatsApp Business	Patient messaging via official Cloud API	EU + Global	GDPR, ISO 27001
Resend	Transactional email delivery	EU + US	GDPR, SOC 2
PostHog	Product analytics, error tracking	EU + US (configurable)	GDPR, SOC 2 Type II

Found something? Tell us.

Responsible-disclosure programme. Email security@movo-x.com (PGP key on request) or WhatsApp the CTO directly. We acknowledge within 24 hours, patch critical issues within 90 days, and credit researchers in our disclosures unless they request otherwise.

security@movo-x.com WhatsApp CTO