Gomgasht Workforce Health OS

Security and Privacy

Built for the most sensitive workforce data. Privacy-first architecture from day one.

Architecture

Enterprise-grade infrastructure designed for sensitive health data from the ground up.

  • Encryption in transit with TLS 1.3 for all connections
  • Encryption at rest with AES-256 for all stored data
  • Full tenant isolation with dedicated database instances
  • No shared databases between organizations
  • Infrastructure hosted on SOC2-certified cloud providers
  • Automated backups with point-in-time recovery

Access Control

Granular permissions ensure that every user sees only what their role requires.

  • Role-based access control with predefined and custom roles
  • Principle of least privilege enforced at every layer
  • Session management with configurable timeout policies
  • Multi-factor authentication support (TOTP, SMS, hardware keys)
  • Single sign-on integration (Azure AD, Okta, Google Workspace)
  • IP allowlisting for administrative access

Privacy by Design

Privacy is not a feature we added. It is the foundation every decision is built on.

  • Data minimization: collect only what the workflow requires
  • Purpose limitation: data used only for stated purposes
  • Consent management with configurable workflows
  • Retention controls with automatic deletion schedules
  • Anonymization and aggregation for reporting
  • Employee own-record access portal

Compliance

Multi-jurisdiction compliance for organizations operating across borders.

  • UAE PDPL compliant (Middle East)
  • GDPR compliant (European Union)
  • HIPAA-ready architecture (United States)
  • PIPEDA compliant (Canada)
  • SOC2 Type II certification (planned)
  • Regular third-party security assessments

Data Residency

Choose where your data lives. Meet local requirements without compromise.

  • Middle East data centers (UAE, Bahrain)
  • United States data centers (US-East, US-West)
  • European data centers (Frankfurt, Dublin)
  • Canadian data centers (Toronto, Montreal)
  • Data never leaves your chosen region
  • Cross-region disaster recovery available on request

Audit and Transparency

Every action is logged. Every access is tracked. Full visibility for compliance teams.

  • Immutable audit logs for all system actions
  • Access reports showing who viewed what and when
  • Full data export in standard formats
  • Deletion workflows with verification and confirmation
  • Retention policy audit reports
  • Third-party audit support and documentation

Incident Response

Prepared for the worst. Transparent when it matters most.

  • 24-hour breach notification commitment
  • Documented incident response plan
  • Regular penetration testing by independent firms
  • Vulnerability management with defined SLAs
  • Bug bounty program (coming soon)
  • Transparent communication during security events

Employee Privacy Rights

Workers have rights over their data. Gomgasht makes those rights easy to exercise.

  • Own-record access: workers can view their data anytime
  • Data portability: export personal records in standard formats
  • Right to deletion where legally permitted
  • Clear consent language in non-technical terms
  • Opt-out mechanisms where applicable
  • Privacy contact and escalation path

Your trust is our foundation

We handle sensitive health data every day. That responsibility shapes every architectural decision, every access control, and every policy we implement. If you have questions about our security posture, our team is available to discuss your requirements in detail.

Questions about security or compliance?

Our team is available to discuss your privacy requirements, provide documentation for your procurement process, or walk through our architecture in detail.