RoundsBack to Home

Security at Rounds

Your privacy and security are our top priorities. Learn about the measures we take to protect your data.

End-to-End Encryption

All direct messages are encrypted. Only you and your recipient can read them.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA.

Row Level Security

Database policies ensure users can only access their own data.

PMDC Verification

Every doctor is verified against PMDC records before gaining full access.

Our Security Practices

Data Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • At Rest: Sensitive data is encrypted in our database using AES-256 encryption
  • Messages: Direct messages use end-to-end encryption

Authentication & Access Control

  • Secure password hashing using bcrypt
  • Session tokens with automatic expiration
  • Optional two-factor authentication (coming soon)
  • Role-based access control for different user types

Database Security

  • Row Level Security (RLS): PostgreSQL policies ensure users can only query their own data
  • Prepared Statements: All database queries use parameterized queries to prevent SQL injection
  • Regular Backups: Automated daily backups with point-in-time recovery

Application Security

  • Input Validation: All user inputs are validated and sanitized
  • CSRF Protection: Cross-site request forgery tokens on all forms
  • XSS Prevention: Content Security Policy headers and output encoding
  • Rate Limiting: Protection against brute force attacks

Infrastructure

  • Hosted on Supabase (backed by AWS)
  • Automatic security updates and patches
  • DDoS protection
  • Regular vulnerability scanning

Doctor Verification Process

To maintain a trusted community, we verify all medical professionals:

  1. PMDC Number Submission: Users provide their Pakistan Medical & Dental Council registration number
  2. Verification Check: We validate the number against official records
  3. Badge Assignment: Verified doctors receive a verification badge on their profile
  4. Ongoing Monitoring: Periodic re-verification to ensure continued validity

Reporting Security Issues

Found a Vulnerability?

If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our community safe.

Email: security@rounds.systems

Your Responsibilities

Help us keep your account secure:

  • Use a strong, unique password
  • Don't share your login credentials
  • Log out on shared devices
  • Report suspicious activity immediately
  • Keep your email address up to date

Compliance

We adhere to industry standards and best practices:

  • OWASP Security Guidelines
  • Pakistan Electronic Crimes Act compliance
  • Regular security audits

Security Measures Checklist

TLS 1.3 encryption
Password hashing (bcrypt)
Row Level Security
SQL injection prevention
XSS protection
CSRF tokens
Rate limiting
Automated backups
Doctor verification
Session management