Careflow

Security

How we protect your sensitive clinical data.

End-to-end encryption

Sensitive clinical data is encrypted at rest with AES-256 and in transit with TLS 1.3.

GDPR compliance

The platform is built on the GDPR principles of data protection by design and by default.

Role-based access control

Data access is granted on a least-privilege basis — each user sees only what they need.

Two-factor authentication (2FA)

TOTP support compatible with Google Authenticator, Authy, and any standard authenticator app.

Automated backups

Daily backups with 30-day retention, stored within the European Union.

Audit logs

All critical actions are recorded in immutable audit logs, accessible to administrators.

Vulnerability Reporting

If you have discovered a security vulnerability, please report it responsibly to security@careflow.app. Please do not publicly disclose the issue before receiving confirmation that it has been resolved.