Last updated Nov 5, 2025
At Mena Health GmbH, we take the security of your data and our platform seriously. This security overview outlines the measures we implement to protect your information and ensure the integrity of our healthcare AI platform. Our security program is designed to comply with international standards including GDPR and HIPAA requirements where applicable. We employ a defense-in-depth approach combining technical, administrative, and physical security controls.
We employ industry-standard encryption protocols to protect data both in transit and at rest:
• All data in transit is encrypted using TLS 1.3 with perfect forward secrecy
• Data at rest is encrypted using AES-256 encryption
• Database connections use encrypted protocols with certificate-based authentication
• API communications are secured with OAuth 2.0 and JWT tokens
We implement robust access control mechanisms to ensure only authorized personnel can access sensitive systems and data:
• Multi-factor authentication (MFA) required for all administrative access
• Role-based access control (RBAC) with least privilege principles
• Regular access reviews and automated deprovisioning
• Secure password policies with complexity requirements
Our infrastructure is hosted on secure, compliant cloud platforms with multiple layers of protection:
• Web Application Firewall (WAF) protection against common attacks
• Distributed Denial of Service (DDoS) protection
• Regular security patching and vulnerability scanning
• 24/7 security monitoring and intrusion detection
We maintain compliance with relevant international standards and regulations:
• GDPR compliance for EU data protection requirements
• ISO 27001 certified
• HIPAA compliant
• EU AI Act compliant
• Regular third-party security audits and penetration testing
Visit our Trust Center at trust.menahealth.com for real-time visibility into our compliance posture, certifications, and security documentation.
We have established incident response procedures to quickly identify, contain, and resolve security incidents:
• 24/7 Security Operations Center (SOC) monitoring
• Defined incident response playbooks for different scenarios
• Regular incident response training and simulations
• Compliance with breach notification requirements (72 hours where applicable)
We carefully vet and monitor all third-party vendors and partners:
• Third-party risk assessments before vendor engagement
• Regular security reviews of vendor controls
• Data processing agreements with appropriate security clauses
• Continuous monitoring of vendor security posture
Our employees are our first line of defense against security threats:
• Mandatory annual security awareness training
• Regular phishing simulations and social engineering testing
• Role-specific security training for technical staff
• Clear security policies and procedures documentation
For security-related questions or concerns, please contact us:
Email: security@menahealth.com
Phone: +41 79 830 13 50
We encourage you to report any security concerns promptly so we can address them effectively.