Security
Security and privacy are foundational to everything we build. Here's how we protect your clinic and your patients.
The Symptom Checker collects zero personal data — no accounts, no logins, no cookies tracking users. It's anonymous by architecture, not by policy. The Clinical Platform stores clinical data with full GDPR compliance, detailed consent tracking, and audit logs.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database backups are encrypted. API tokens are hashed. We use HTTPS everywhere — no exceptions.
Clinicians, front desk staff, and admins have different access levels. Patient data is only visible to authorised users within the same clinic. Multi-tenant isolation ensures clinics never see each other's data.
Every action in the Clinical Platform is logged — who accessed what, when, and from where. Audit trails are immutable and available for compliance reporting.
The Symptom Checker includes a two-tier red flag screening system: hard stops for emergencies (e.g., cauda equina symptoms) and soft warnings for conditions requiring prompt medical attention, ensuring patient safety at every step.
Hosted on enterprise-grade infrastructure with automated backups, monitoring, and incident response. Regular security updates and dependency auditing keep the platform protected against known vulnerabilities.
We take security seriously. If you have questions about our practices or need documentation for your compliance team, get in touch.