1. Overview

At MedAi Digital Partners LLC (“MedAi”, “we”, “our”), security is a core part of how we design, develop and operate digital solutions. This Security page explains the technical and organizational measures we apply to protect data, systems and services.

These security practices apply to our websites, AI-driven platforms, hosting environments and software solutions, unless otherwise agreed in a specific contract or data processing agreement.

2. Infrastructure & Network Security

MedAi uses modern hosting providers and infrastructure partners that follow industry-standard security practices. Depending on the project and client requirements, systems can be hosted in Kosovo, EU data centers or other agreed locations.

  • Use of secure data centers with physical access controls.
  • Segregated environments for development, testing and production where appropriate.
  • Firewall protection, network-level filtering and restricted access to management ports.
  • Use of VPN, secure tunnels or IP allowlisting for administrative access.

3. Data Protection & Encryption

We take measures to protect the confidentiality and integrity of client and end-user data:

  • Data in transit is generally protected using TLS/HTTPS encryption.
  • For sensitive workloads, we support encryption at rest, depending on the hosting provider and architecture.
  • Access to databases and storage is limited to authorized systems and personnel.
  • Backups, where implemented, are stored securely and access-controlled.

The type of encryption and storage solution used depends on the nature of the project, chosen infrastructure and contractual agreements with the client.

4. Access Control & Identity Management

We follow the principle of least privilege and role-based access wherever possible:

  • Internal access is restricted to staff who need it to perform their work.
  • Administrative accounts are protected with strong passwords and, where available, multi-factor authentication (MFA).
  • Client dashboards or admin panels can be protected with user roles and permissions.
  • Access reviews and account clean-ups are performed periodically.

5. Application Security

Our engineering process is designed to reduce common security risks in web and API applications:

  • Use of secure coding practices and frameworks.
  • Input validation and sanitization to reduce injection risks.
  • Session management aligned with best practices where applicable.
  • Separation of public and administrative interfaces.

For AI and data-driven applications, we also review how models interact with external inputs to reduce abuse, prompt injection or unintended data exposure where possible.

6. Monitoring, Logging & Incident Response

Depending on the project scale and infrastructure, MedAi may implement various monitoring and logging mechanisms:

  • Basic uptime and availability monitoring for hosted services.
  • Server and application logs for troubleshooting and security review.
  • Error reporting for application-level exceptions.

If we become aware of a security incident that significantly impacts systems or data under our responsibility, we will:

  • Investigate the root cause.
  • Take measures to contain or mitigate the issue.
  • Inform affected clients in line with contractual and legal obligations.

7. Client Responsibilities

Security is a shared responsibility between MedAi and our clients. We expect each client to:

  • Use strong, unique passwords and enable MFA where supported.
  • Protect their own devices and networks from malware and unauthorized access.
  • Limit account access to trusted staff and revoke access when no longer needed.
  • Immediately inform us if they suspect unauthorized access or unusual behavior.

For systems where clients manage their own hosting or infrastructure, the client may be responsible for additional layers of security (e.g. server hardening, firewall rules).

8. Third-Party Providers & Integrations

Many digital solutions require integrations with third-party tools (payment gateways, email services, analytics, AI APIs, etc.). While we carefully select providers, we cannot control their infrastructure or internal processes.

Clients should also review the security and privacy documentation of any third-party services they choose to integrate into their platforms.

9. Data Location, Backups & Retention

Data may be stored in Kosovo, the EU or other regions depending on:

  • The hosting provider(s) selected for the project.
  • Client requirements and contractual obligations.
  • Technical architecture (e.g. CDN, global infrastructure).

Backups, if configured, are typically stored in secure locations with controlled access. Data retention periods are defined by contract, regulatory requirements, or internal policies.

10. Training & Internal Processes

MedAi promotes security awareness among team members involved in development, operations, AI model handling and client support. Depending on their role, staff may receive:

  • Guidance on secure coding and deployment practices.
  • Training on handling client data and confidential information.
  • Instructions on recognizing phishing or social engineering attempts.

11. No Absolute Guarantee

While MedAi takes reasonable and appropriate steps to protect systems and data, no digital platform can be guaranteed 100% secure. Cyber threats evolve continuously, and residual risk can never be completely eliminated.

By using our services, you acknowledge that you understand and accept this inherent limitation.

12. Changes to This Security Page

We may update this Security page from time to time to reflect improvements, new services or regulatory changes. The latest version will always be available on this page with an updated “Last updated” date.

13. Contact

If you have questions about our security practices or need more details for a specific project, please contact us:

MedAi Digital Partners LLC
Ferizaj, Kosovo
Email: info@medai.llc
Phone: +383 30 200 100