Secure and always available

The security and availability of your data is paramount. We have an extensive (and growing) list of measures in place to ensure data security and service continuity.

Shield
  • Your data is secure

    We continously review and update the measures we take to secure your data.

  • Your data is always available

    We host across multiple EU countries and service providers to ensure we stay online.

  • Don't just take our word for it

    Monitoring, vulnerability scans and pentests performed by 3rd-parties.

A secure platform

CareHQ requires users to login with a username and password over a secure connection (HTTPS), we also:

  • Support 2-factor authentication
  • Allow access to be restricted to a set of IP addresses
  • Encrypt data at rest and in transit.
  • Provide breached password detection from HaveIBeenPwned.
MFA / 2FA authentication app on a mobile phone

Data controls and tracing

Control the data users can access through user roles, monitor changes and get notified when data is exported.

  • Care sector based user roles; account owners, regional managers, location users and care advisors
  • Easily view changes to any record, who made them and when.
  • Get notified when data is exported from CareHQ
Data export details

Designed to be resilient

CareHQ is hosted across multiple European countries and hosting services  (AWS, GCP, OVH), in the event of a server failure traffic is automatically routed to healthy servers.

Client databases are replicated across multiple servers in real-time to ensure data is always available. Hourly and server snapshots are taken to provide historic back ups (retained for 31 days).

We regularly test our network and infrastructure to ensure that CareHQ remains operational when components fail.

Full control with dedicated hosting

We also offer a dedicated hosting option for clients who want full control over the CareHQ application, their data and the hosting environment.

  • Fully customise CareHQ to your business process
  • Complete physical isolation of your data
  • Additional control over the hosting environment including geographic location and service providers

Independently monitored and tested

We use leading independent services to verify CareHQ is accessible and secure.

  • 24/7 monitoring from StatusPalWormly, and Route 53 Health checks
  • Weekly vulnerability scans from HackerTarget
  • Intrusion Detection & Incident Response from Sandfly and AWS GuardDuty.
  • Domain typositting monitoring to identify phishing risks.
  • Annual pen tests
  • ISO 27001 certified
  • Cyber Essentials Plus certified