Security
How we protect your sensitive clinical data.
End-to-end encryption
Sensitive clinical data is encrypted at rest with AES-256 and in transit with TLS 1.3.
GDPR compliance
The platform is built to respect the GDPR principles of data protection by design and by default.
Role-based access control
Data access is granted on a least-privilege basis — each user sees only what they need.
Two-factor authentication (2FA)
TOTP support compatible with Google Authenticator, Authy, and any standard authenticator app.
Automated backups
Daily backups with 30-day retention, stored within the European Union.
Audit logs
All critical actions are recorded in immutable audit logs, accessible to administrators.
Vulnerability Reporting
If you have discovered a security vulnerability, please report it responsibly to security@careflow.app. Please do not publicly disclose the issue before receiving confirmation that it has been resolved.