HIPAA & GDPR Compliance
Convai Agent OS is engineered from the ground up for healthcare compliance. Every layer — from authentication to data storage — enforces regulatory controls by default.
1. Access Control & Authentication
HIPAA §164.312(a) — Technical Safeguards
🔐 Unique User IDs
Every user is assigned dedicated credentials stored in an AES-256-GCM encrypted users.enc vault. No shared accounts or default passwords.
🔑 Strong Cryptography
PBKDF2 password hashing with 600,000 iterations (SHA-512). Password complexity enforced: minimum 8 characters with uppercase, lowercase, digits, and special characters.
📱 Context-Aware MFA (TOTP)
During account provisioning, a TOTP secret is generated for authenticator apps (Google Authenticator, Authy). The system incorporates Hardware Device Trust — recognized MAC address fingerprints are whitelisted, so MFA is only challenged on untrusted hardware. 8 single-use recovery codes as backup.
🚫 Account Lockout
5 consecutive failed authentication attempts trigger an automated 15-minute account suspension. All lockout events are logged in the immutable audit trail with timestamps and source identifiers.
🖥️ Inactivity Lock Screen
After a configurable period of inactivity (15 / 30 / 60 minutes, selectable in Settings), a secure lock overlay requires password re-entry. The VM and all background services continue running, preserving clinical workflow. Satisfies §164.312(a)(2)(iii) without disrupting patient management.
🚨 Emergency Access
Break-glass protocol implementation. A cryptographic emergency code bypasses all lockout mechanisms and grants immediate access. Every emergency access event is prominently logged in the audit trail per HIPAA §164.312(a)(2)(ii).
2. Audit Controls
HIPAA §164.312(b) — Audit Logging & Monitoring
Tamper-Proof HMAC Chains
Each audit entry is cryptographically chained — the integrity hash of every entry includes the checksum of its predecessor. Any modification triggers an irreversible chain collision alert.
File-Level Verification
A separate HMAC file (.hmac extension) is maintained independently from the audit data. Integrity validation runs automatically on every system load.
On-Demand Integrity Validation
Administrators can invoke a one-click "Verify Integrity" button from the dashboard that performs root-to-tip HMAC chain verification across the entire log dataset.
Comprehensive Metadata
Every log entry captures: Event ID, UTC timestamp, severity, source, category, data classification (PHI/Confidential/Internal), authenticated actor, session ID, outcome, and per-row integrity hash.
Compliant Export
Audit logs can be exported as CSV or native PDF documents directly to disk. PDF reports include compliance headers, data classification summaries, severity breakdowns, and report-level integrity hashes.
3. Encryption & Data Integrity
HIPAA §164.312(c)(e) — Data Protection
| Layer | Method | Details |
|---|---|---|
| User Credentials | AES-256-GCM | Encrypted at rest in users.enc. PBKDF2-derived key. |
| Audit Logs | AES-256-GCM | Encrypted at rest in audit-log.enc. HMAC integrity validation. Legacy plaintext auto-migrated. |
| TOTP Secrets | AES-256-GCM | Stored encrypted within the user vault. Never exposed in plaintext after initial QR generation. |
| Password Hashing | PBKDF2-SHA512 | 600,000 iterations. 512-bit output. Per-user random salt. |
| License API | TLS 1.2+ | All external verification requests transmitted over HTTPS. |
| VM Sandboxing | QEMU Isolation | Custom OS runs entirely within a sandboxed virtual machine. Zero system-level access to host PC. |
4. Sandboxed Execution Environment
Defense-in-Depth Architecture
Unlike generic AI agents that execute directly on the host operating system with full system-level permissions, Convai Agent OS runs its entire AI stack inside a purpose-built, minimal Linux OS within a tightly constrained QEMU virtual machine.
Zero Host Access
The AI cannot read, write, or execute anything on the host Windows system.
Network Isolation
Guest networking is strictly port-forwarded. No bridged access to host LAN.
Ephemeral Sessions
The VM can be stopped and fully cleared from Settings at any time.
5. GDPR & DPDP Act Compliance
Data Protection by Design
Data Protection by Design
All patient data is processed locally. No cloud transmission, no third-party processing. The architecture inherently satisfies data minimization and purpose limitation.
Records of Processing
Comprehensive, tamper-proof audit logs document every processing activity with timestamps, actors, and data classification markers.
Security of Processing
AES-256-GCM encryption, PBKDF2 key derivation, TOTP MFA, account lockout, and VM sandboxing collectively implement appropriate technical and organizational measures.
Right to Erasure
The "Clear Session Data" function in Settings allows complete deletion of all patient data and session information from the VM.
India DPDP Act 2023
Local-only processing ensures no cross-border data transfer. The Data Fiduciary (healthcare provider) retains full control over all personal data at all times.
Data Gateway Disclaimer
Crucial Rules for Telegram & WhatsApp Integrations
Unredacted PHI (Protected Health Information) MUST NOT be transmitted via Telegram or WhatsApp.
While the connection between Convai Agent OS and messaging gateways is TLS encrypted, third-party messaging platforms process and store attachments on their cloud servers. Telegram and WhatsApp do not sign HIPAA Business Associate Agreements (BAAs) for standard bot usage.
Permitted Usage: Messaging gateways may be used for scheduling, non-sensitive communication, and transferring de-identified/anonymized data or generic research files.
Restricted Usage: Uploading raw medical scans, unredacted lab reports, or any documents containing patient names, DOB, or SSNs via third-party messaging apps constitutes a compliance violation.All sensitive PHI files must be imported directly through the Convai Agent OS local desktop application interface, which guarantees zero cloud transmission.