Legal Documents · Version 1.0

Your privacy and security are our priority

At Alyus we understand that we handle highly sensitive medical information. These documents explain with full transparency how we protect your data and that of your patients.

🔍

Regulatory compliance transparency

Alyus operates under the following frameworks — here we indicate the actual status of each at this stage.

LFPDPPP (Mexico) — Active
Privacy notice in effect. ARCO rights implemented. Legal basis documented for each data processing.
AES-256 + TLS 1.3 encryption — Active
All data at rest and in transit is encrypted. Implemented through Google Cloud infrastructure.
🔄
NOM-004 / NOM-024 — In implementation
Clinical record structured according to both norms. Formal audit scheduled for Q3 2026.
🔄
HIPAA — BAAs in progress
Architecture designed for HIPAA compliance. Business Associate Agreements (BAA) under negotiation with Google Cloud and Zoom. No BAA signed yet with AI models.
📋
ISO 27001 — Roadmap 2027
Formal certification requires external audit. Internal security policies implemented following the framework. Certification process planned.
📋
SOC 2 Type II — Roadmap 2027
Formal audit by independent firm. Security controls implemented following TSC criteria. Certification planned when scaling operations.
ℹ️Alyus is committed to publishing compliance status updates on this page as certifications are obtained. Regulatory transparency is part of our trust promise to doctors and patients.