
Security & Compliance

Zero-knowledge architecture: records are encrypted on your device, and the server never holds the keys needed to read them

Cryptographic Standards

AES-256-GCM Encryption

All patient data is encrypted client-side with AES-256-GCM, an authenticated encryption mode: the ciphertext carries an authentication tag that fails verification if anything in it is altered.

  • 256-bit keys (2^256 possible keys, far beyond brute force)
  • Galois/Counter Mode (authenticated encryption: confidentiality and integrity in one pass)
  • Unique nonce per record; a nonce must never repeat under the same key, or GCM's integrity guarantees collapse
  • Tamper detection built in: any modified ciphertext fails tag verification and is rejected

RSA-4096 Key Wrapping

Public-key cryptography for sharing records with another user: the record's symmetric key is wrapped to the recipient's public key, so the key itself is never exposed in transit or on the server.

  • 4096-bit RSA keys
  • OAEP padding with SHA-256 (RSA-OAEP, not the older PKCS#1 v1.5 padding)
  • Wraps only symmetric data keys, never patient data directly
  • No forward secrecy from static RSA alone: a compromised private key exposes every data key ever wrapped to it, so keys should be rotated and data keys rewrapped
  • Post-quantum ready architecture: RSA itself is not quantum-resistant, so "ready" refers to the wrapping layer being replaceable by a post-quantum scheme

Argon2id Password Hashing

Brute-force resistant key derivation with Argon2id, the hybrid variant of Argon2, winner of the 2015 Password Hashing Competition. The derived key never leaves the device.

  • 128 MiB memory cost per derivation
  • ~500 ms computation time on a typical device
  • Memory-hard, so GPU/ASIC brute force gains little over a CPU
  • Password never leaves the device; the server sees neither the password nor the derived key

HMAC-SHA256 Search Indexes

Searchable encryption using keyed hashes (HMACs, not signatures): each searchable field is tagged with HMAC-SHA256 under a key only the client holds, so the server can match records without decrypting them.

  • SHA-256 based keyed tags (HMAC-SHA256)
  • Deterministic: the same term always yields the same tag, which is what makes matching possible
  • No plaintext exposed; without the key the tags cannot be inverted or forged
  • Collision resistant
  • Caveat: determinism reveals which records share a term, so index only fields that must be searchable

Compliance & Certifications

HIPAA Compliant

Full compliance with all HIPAA privacy and security rules

GDPR Ready

Privacy by design, data minimization, right to erasure

ISO 27001

Information security management system certification

SOC 2 Type II

Annual third-party security audits and attestations

Frequently Asked Questions

What if I forget my password?

Since your password never touches our servers, we cannot reset it. However, you can use your recovery key (generated during signup) to regain access. Store this key securely!

Can Zeromatics employees see my data?

No. Your data is encrypted on your device before it leaves it. We store only encrypted blobs, and decrypting them without your keys is computationally infeasible.

What happens in a government subpoena?

We can only provide what we have: encrypted data that we cannot decrypt. Zero-knowledge means zero access, even under legal orders.

Is zero-knowledge slower than traditional EMRs?

Modern devices perform AES-GCM encryption and decryption in milliseconds; the one deliberately slow step is the ~500 ms Argon2id derivation at login. Most users notice no performance difference.