Sanpha
Boring on purpose

Boring choices, honestly described.

The interesting parts of healthcare are the medication and the people. Everything underneath should be predictable, fast, and well-defended.

Built around these standards

  • GDPREU compliant
  • ISO 27001Aligned
  • PCI DSSPayment ready
  • HIPAAAligned
  • MA Law 09-08Loi marocaine
A · The choices

Six things we did on purpose.

B · Plain language

What we do, don't do, can't yet claim.

  • WE CAN

    Verify identity, log every action, encrypt traffic, and let you delete your account.

  • WE CANNOT

    Replace your doctor, guarantee no platform ever has a bug, or detect malice without you reporting it.

  • WE WON'T

    Sell your health data, run ads against it, or share it with third parties without your explicit consent.

C · Disclosure

Found a security bug?

Write to security@sanpha.ma. We acknowledge within one working day and credit you publicly once a fix is shipped, if you'd like.

  • Initial acknowledgement within one working day.
  • Triage and severity within five working days.
  • Please do not test on accounts you do not own. No phishing, social-engineering or DoS.
  • Bounties — yes, on a case-by-case basis for valid findings.