Product
Solutions
Developers
Resources
Company
Request demo
Home · Trust & Compliance

Privacy is not a feature. It's a property of the system.

LumkoMDX is architecturally aligned with the world's leading healthcare data frameworks — POPIA, HIPAA, GDPR, ISO 27001 / 27799. Below, the structural guarantees you can audit.

Architecturally aligned — formal certification on the roadmap as the platform reaches first-pilot maturity.

Three absolutes

The structural guarantees.

Data never moves.

Records stay in the source institution. Federated queries route compute to data, never the other way around.

Identity dissolves at source.

Cryptographic pseudonymisation happens before any data is touched. The federation layer never sees identifiers.

Every action is signed.

Cryptographic audit trail covers every query, every result, every export. The log is yours; we never have copies.

Frameworks

Built to the standards that matter.

We have not yet completed external certification audits. The architecture is designed to satisfy these frameworks structurally — so when we audit, the controls are already in place.

POPIA

Protection of Personal Information Act

South Africa · Section 14 enforced through pseudonymisation at source.

Architecturally aligned
HIPAA

Health Insurance Portability & Accountability Act

USA · Privacy and Security Rule alignment for cross-border partnerships.

Architecturally aligned
GDPR

General Data Protection Regulation

EU · Article 32 satisfied by architecture; data minimisation by default.

Architecturally aligned
ISO

ISO 27001 / 27799

Information security management framework. Healthcare-specific controls mapped.

Architecturally aligned
SOC

SOC 2 Type II

Security, availability, confidentiality controls in place; formal audit on roadmap.

On roadmap
HL7

HL7 FHIR R5

Native conformance. No proprietary schemas, no vendor lock-in.

Native

Architecture

Four layers. Zero exposure.

01

Source layer

Your EMR, your servers, your control. The federation node sits inside your perimeter.

02

Pseudonymisation layer

Identifiers replaced with cryptographic tokens before any query touches the data. Reversible only by you.

03

Federation layer

Queries fan out to source nodes; only aggregated results return. The orchestrator sees no PHI, ever.

04

Audit layer

Every operation cryptographically signed and logged to your immutable store. Independently verifiable.

Documentation

Whitepapers & technical documents.

Document drafts in progress. The links below are placeholders — finalised PDFs will be published as each is completed and reviewed by counsel.

Request early access
Architecture Whitepaper
Full technical specification of the federation layer.
Draft · in review
Notify me
POPIA Alignment Statement
Section-by-section mapping of LumkoMDX architecture to the Act.
Draft · in review
Notify me
Three-Boundary Model
How identity, query, and consent are kept structurally separate.
Draft · in review
Notify me
Federated Analytics Primer
How a query runs across institutions without data movement.
Draft · in review
Notify me

Audit-ready. Out of the box.

Walk through our architecture with our compliance team. No forms, no friction.