Skip to content
SecurityImplemented

Encryption in Transit & at Rest (AES-256)

All Desha.ai data is encrypted in transit and at rest. Sensitive health and identity fields receive additional protection, and cryptographic keys are managed through a controlled lifecycle.

Request documentation Last reviewed June 2026
DESHA.AI Trust Center

End-to-End Encryption

Encryption in Transit & at Rest (AES-256)
Status: Implemented
Jurisdiction: Platform-wide
Reviewed: June 2026

At a glance

At rest
AES-256
In transit
TLS 1.2+ (1.3 preferred)
Key management
Managed KMS, rotation
Scope
Storage, databases, backups, messaging

In transit

Every connection between apps, services and integrations is encrypted with TLS 1.2 or higher (TLS 1.3 preferred), with modern cipher suites and certificate management. Internal service-to-service traffic is likewise encrypted.

At rest

  • AES-256 encryption for databases, object storage and backups.
  • Field-level protection for the most sensitive identifiers and health data.
  • Encrypted, access-controlled backups with tested restoration.

Key management

Keys are generated and stored in a managed key-management service, separated from the data they protect, with least-privilege access, rotation and audit logging. Application secrets are held in a secrets manager, never in source code.

A note on “end-to-end”

We use “end-to-end encrypted” to mean data is encrypted across every hop and at rest throughout its lifecycle. Where a feature requires server-side processing (for example AI assistance or clinician review), that processing happens inside our encrypted, access-controlled environment under the consent and contracts described across this Trust Center.

Documentation available on request

  • Encryption & key-management overview
  • TLS configuration / external scan summary

Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.

This page summarises Desha.ai’s posture for due-diligence review and does not disclose internal systems or security-sensitive detail. It is informational and not a warranty or legal advice. For contractual terms request our DPA / BAA at contactus@desha.ai.