Compliance & Security

Built for the standards
that matter.

NASHRA handles pharmaceutical data with the seriousness it deserves. Every architectural decision is made with your compliance officers, IT security teams, and regulatory affairs managers in mind.

FHIR R5 CompliantJordan ePI Type 2GDPR Baseline ReadyZero-Cookie Architecture
Regulatory Standards

Standards we're built to — not certified by.

We use precise language. “Built to specification” means our outputs conform to the standard. We do not claim certifications we haven't earned.

FHIR R5

HL7 FHIR Release 5

Full FHIR R5 bundle generation. MedicinalProductDefinition, Ingredient, ManufacturedItemDefinition, PackagedProductDefinition, RegulatedAuthorization, and ClinicalUseDefinition resources.

Jordan ePI Type 2

JFDA Electronic Product Information Type 2

Built to the Jordan ePI Type 2 specification from the ground up. Not retrofitted — purpose-built for JFDA submission requirements.

HL7 Terminology

HL7 FHIR Terminology Server

FHIR-native multilingual support. Arabic and English bidirectional FHIR bundle linking with proper Identifier and CodeableConcept mapping.

Security Architecture

Your data stays yours.

We handle pharmaceutical data with the seriousness it deserves. Row-level encryption. Zero tracking cookies. GDPR baseline ready.

Row-Level Security (RLS)

Every data row is isolated at the database level. Users can only access records they're explicitly authorized for.

End-to-End Encryption

Data encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are customer-isolated.

Zero-Cookie Architecture

No tracking cookies. No third-party analytics. Session management is entirely server-side and token-based.

Cloudflare-Protected

All traffic proxied through Cloudflare's global network. DDoS protection, WAF rules, and rate limiting at the edge.

GDPR Baseline Ready

No personal data stored beyond what's necessary. Data deletion requests honored within 30 days. No cross-border transfers without consent.

AI Proxy Architecture

Gemini AI requests are proxied through NASHRA's secure backend. Your document content never reaches Google directly.

Infrastructure

Enterprise-grade infrastructure partners.

Supabase
Database, Auth, RLS — PostgreSQL-based. SOC 2 Type II compliant.
Cloudflare
Edge network, DDoS protection, WAF, global CDN.
Google Gemini AI (via proxy)
AI inference — all requests proxied, never direct from client.

Share with your IT security team.

Download our compliance specification sheet or speak directly with our security team.

Contact Security Team