Foundations

Security & trust

Clinical data deserves the strictest handling there is. This is how we treat yours.

Encrypted, everywhere

Data is encrypted in transit and at rest, with keys managed per clinic and audited access to every record.

GDPR, HIPAA and SOC 2

Compliant storage and processing across every region we operate in, with data residency options for your jurisdiction.

A full audit trail

Every message, draft, approval and change is logged. You can always answer who did what, and when.

Humans hold the keys

Nothing clinical sends without a clinician’s signature, and nothing operational sends without your team’s approval.

Encryption

AES-256 at rest and TLS 1.3 in transit, with keys managed per clinic and rotated on a fixed schedule.

Access control

Role-based, least-privilege access for clinic staff. Our own engineers reach production data only through audited break-glass procedures.

Audit trail

Every message, draft, approval and signature is written to an immutable event log your clinic can export at any time.

Data residency

Records stay in your region. UK, EU and US hosting today, with residency options extending as we open new countries.

Subprocessors

A published subprocessor list, data-processing agreements in place, and thirty days notice before anything changes.

Availability

A 99.9% availability target with independent monitoring. When something does go wrong, your clinic hears it from us first.