Back to home
Trust & compliance
Security & compliance
Melav is built to meet the security and audit-readiness expectations of private surgical clinics handling health data in France and Israel. Here's how the platform is designed, and where we stand as a pilot-stage company.
Melav is currently in its pilot phase. This page describes our security architecture in good faith — detailed documentation and our data hosting and compliance roadmap are available on request for every clinic evaluating the platform.
Data hosting & security
- Data is encrypted in transit (TLS) and at rest.
- Access is restricted by role, and every account is scoped to a single clinic — no cross-clinic data access.
- Data residency and hosting requirements are discussed and defined per clinic, based on each country's applicable rules.
Full audit trail
- Every action — message sent, form opened, response submitted — is automatically logged with a timestamp.
- Records are append-only: nothing is silently overwritten or deleted, supporting medico-legal review.
- Surgeons and clinics can export a complete, chronological patient record at any time.
Patient rights & data minimization
- Patients access their follow-up via a secure, time-limited link — no account, no password, no data stored on a personal device beyond the session.
- Patients can request access to, correction of, or deletion of their data at any time by contacting their clinic or Melav directly.
- Only the data required for post-operative follow-up is collected — no unrelated profiling, no data resale, no advertising use.
Medical AI guardrails
- Melav's AI features never generate a diagnosis and never replace clinical judgment.
- Emergency detection is 100% rule-based, not AI-driven, to avoid false negatives from model behavior.
- Every AI response is constrained to the surgeon's own validated protocol — it cannot improvise medical advice.
- In case of a medical emergency, patients are always redirected to local emergency services.
