Security Policy

SOC 2

maintains compliance with industry-recognised security frameworks and has successfully completed SOC 2 Type II audits for Security, Availability, and Confidentiality. These audits are conducted by independent third parties to validate our internal controls. For a copy of our SOC 2 report, please email .

Healthcare & Sensitive Data

Our platform supports workflows involving sensitive or regulated data. For use cases requiring HIPAA compliance, we offer a Business Associate Agreement (BAA) to customers on applicable plans. Contact for more details.

Infrastructure and Server Security

runs on cloud infrastructure hosted in regional data centres (UK, EU, US, AU). All services are deployed in isolated environments with access restricted to essential personnel. SSH access is disabled on all production-facing services.

Secure Communication

All data exchanged with our services is encrypted in transit using HTTPS (TLS 1.2+). We enforce secure headers and best-practice cipher suites to mitigate common attack vectors.

Data Storage and Backups

Data is stored using encrypted, region-local storage solutions (e.g., AWS DynamoDB, MongoDB Atlas) and backed up regularly to encrypted object storage with redundancy and disaster recovery protocols in place.

Employee Access and Controls

No employee at may access customer data without written permission from the customer, except in emergency service incidents. All access is logged, audited, and strictly time-bound.

Authentication and User Security

All passwords are hashed using bcrypt before storage. Passwords are never logged, and we offer optional two-factor authentication (2FA) to strengthen account protection.

Payment & Credit Card Security

All payment processing is handled by , a PCI-DSS certified payment gateway. We do not store or transmit credit card details on our servers.

Security Inquiries

If you have any questions, concerns, or security-related incidents to report, please email .