Data Security and Compliance
We're serious about protecting your patients' personal and health data.
Customer Data Encryption
- Our software leverages several technologies to ensure that stored data is encrypted at rest. Platform data is stored using AES-256 encryption (bank-level security).
- All data is encrypted in transit with TLS version 1.2 or 1.3 and 2,048-bit keys or better.
- All payments and card data storage are supported by Stripe, which has the most stringent level of certification available in the payments industry (PCI Service Provider Level 1).
Procedures & Best Practices We Follow
- We conduct organisation-wide password changes every 90 days, with strict password complexity requirements.
- We use strong authentication methods such as multi-factor authentication (MFA) to verify the identity of users accessing our software. This adds an extra layer of security beyond passwords.
- We follow a data retention policy that outlines the types of data collected and the duration for which it will be retained. This includes instant deletion of patient notes once they are no longer required.
- We use Role-Based Access Control (RBAC) to control access to different levels of data based on users' roles within the software. Only authorised personnel have access to sensitive patient information.