Security & Trust

Personal health data deserves serious security.

Anyo is built so the people who need health information get it, and the people who don't, don't. Independently audited. Continuously monitored.

ISO/IEC 27001:2022Certified ISMS

AES-256 · TLS 1.3Encryption everywhere

India-resident dataGCP Mumbai (ap-south-1)

De-identified for HRAggregates, never individuals

Certifications & Audits

Independently verified.

CERTIFIED · Information Security Management System

ISO/IEC 27001:2022

Anyo's information security management system is independently certified to the ISO/IEC 27001:2022 standard. Issued by ODC Standards Certifications (India), with annual surveillance audits and a three-year recertification cycle.

Certificate No.: 10252700101
Standard: ISO/IEC 27001:2022
Issued: 25 October 2025
Valid through: 24 October 2028
Surveillance audit: 24 October 2026 · annual
Issuing Body: ODC Standards Certifications (India) Pvt. Ltd.
Certified Entity: Rescript Welltech Private Limited (Anyo)
Scope: Design, development, deployment, and management of digital wellness platforms and mobile applications under the brand Anyo — including storage, processing, and protection of user data, analytics, and associated IT operations.

Data Protection

Four operating principles.

India-based infrastructure

All personal health data hosted on Google Cloud Platform, India region. Daily encrypted backups. No cross-border transfers without explicit customer consent.

De-identification for HR

Aggregated reports strip all direct identifiers. Corporate Partners see trends, never individuals.

Encryption everywhere

AES-256 at rest, TLS 1.3 in transit. Database-level encryption enforced. MFA on Partner Portal and Expert Platform.

Continuous testing

Annual third-party VAPT. Internal security testing throughout the year.

Sending us a security questionnaire?

security@anyo.app