Clinical data deserves the strictest handling there is. This is how we treat yours.
Data is encrypted in transit and at rest, with keys managed per clinic and audited access to every record.
Compliant storage and processing across every region we operate in, with data residency options for your jurisdiction.
Every message, draft, approval and change is logged. You can always answer who did what, and when.
Nothing clinical sends without a clinician’s signature, and nothing operational sends without your team’s approval.
AES-256 at rest and TLS 1.3 in transit, with keys managed per clinic and rotated on a fixed schedule.
Role-based, least-privilege access for clinic staff. Our own engineers reach production data only through audited break-glass procedures.
Every message, draft, approval and signature is written to an immutable event log your clinic can export at any time.
Records stay in your region. UK, EU and US hosting today, with residency options extending as we open new countries.
A published subprocessor list, data-processing agreements in place, and thirty days notice before anything changes.
A 99.9% availability target with independent monitoring. When something does go wrong, your clinic hears it from us first.