Security
Security & engineering practices
We design for regulated retail: validated inputs, branch-scoped handling, and consistent API responses—described here for IT and procurement review without exposing internal implementation details.
Input validation
Requests are validated before they touch business logic, reducing malformed payloads and surprise edge cases.
Branch isolation
Multi-branch deployments carry context explicitly so data and actions stay scoped to the right facility.
Operational data control
Hospital and pharmacy operational databases run on infrastructure you control with desktop deployment. Hayati Cloud handles licensing and services you enable—not silent exfiltration of your ledger by default.
Safe responses
APIs return structured outcomes suitable for automation and auditing—fewer ad-hoc parsers on the client.
Logging
Operational logging supports investigation and support without turning logs into a patient-data leak surface.
Procurement
Security questionnaires, data-flow diagrams, and contract terms are handled during enterprise evaluation. We do not display unverified certification badges on this marketing site.
Data privacy under India's DPDPA 2023
Pharmacy software processes patient-adjacent data: prescription references, customer names, contact numbers, and billing history. India's Digital Personal Data Protection Act 2023 places obligations on how personal data is collected, used, and stored. Hayati processes data to run pharmacy operations you enable—not to sell customer lists. Operational pharmacy databases on desktop deployments stay on infrastructure you control unless you turn on governed sync. Hayati Cloud services (licensing, uploads, admin) use object storage; application configuration defaults to the ap-south-1 (Mumbai) AWS region for those cloud objects. Contact us for a current data-flow diagram if residency is a procurement requirement.
Schedule H drug handling
Schedule H and Schedule H1 medicines require prescription discipline, maintained records, and traceable dispensing. Hayati is designed to support Schedule H flagging in inventory and dispensing workflows so staff see controlled-product rules at the counter. Exact configuration depends on your license category and SOPs—validate during walkthrough with your compliance lead.
Encryption and backup
Data in transit between enabled cloud services and clients uses TLS. Data at rest on cloud object storage relies on provider encryption. Desktop operational data backup and restore are part of deployment planning—we do not claim a specific public uptime percentage on this page. Contact us for SLA and support details during enterprise evaluation.
GST billing compliance
Hayati issues GST-aligned invoices with CGST, SGST, and IGST treatment as applicable to your registration and supply type. Invoice formats are shaped for Indian pharmacy and hospital retail filing workflows. Statutory changes are addressed through governed updates—confirm your edition during procurement.
Questionnaires and data-flow detail are shared during enterprise evaluation.