DATA GOVERNANCE & SECURITY
Built on practical protection, not legal assumption.
Laws can be ignored. Enforcement is uncertain. Kushé's patient data protection is built on five overlapping practical layers — technology controls that prevent unauthorized access regardless of intent, human accountability structures, and architectural decisions that limit exposure at every point.
The host country Ministry of Health owns the data. Kushé is the platform that makes it useful. The data is never sold. Not to pharmaceutical companies. Not to researchers. Not to anyone. Revenue comes from service fees — implementation, training, support, and integration. Never from the data itself.
All patient data is hosted on African servers — AWS Cape Town. Every access is logged. Every device can be remotely wiped. A clinician cannot look up a patient from another facility without that patient's QR card being physically present.
MoH data custodianship
The host country Ministry of Health holds database credentials and oversight authority. The data belongs to the host country — not to Kushé.
Encrypted at every layer
Local device database encrypted with SQLCipher. Data in transit via TLS 1.3. Data at rest via AES-256. MDM remote wipe on lost or stolen devices.
Data never sold — unconditional
This is not a pilot-period policy. Patient data will never be sold, licensed, or shared with commercial entities. Permanent and unconditional.
African data hosting
All patient records stored on AWS Cape Town infrastructure. Data never leaves Africa without explicit MoH consent.
Immutable audit trail
Every record access, export, and clinical action is logged permanently. No user — including administrators — can delete audit entries.
Patient rights
Every patient can request a copy of their record, review who has accessed it, and revoke any active share links. The record belongs to the patient.