Security
Built to protect
what matters most
CareDeck handles some of the most sensitive personal data imaginable. Here is exactly how we protect it.
UK data residency
All data is stored and processed on UK-based infrastructure. Your resident data never leaves the United Kingdom.
Encryption at rest
PII fields — NHS number, date of birth, GP details — are encrypted at the column level using PGP symmetric encryption with a key held separately from the data.
Encryption in transit
All traffic between your browser, our API, and our database uses TLS 1.3. There are no unencrypted pathways.
Row-level security
PostgreSQL RLS policies ensure care homes can only ever access their own residents' data — enforced at the database layer, not just the application layer.
Immutable audit log
Every sensitive action is recorded — who, what, when, from which IP. Audit logs cannot be modified or deleted. Required evidence for CQC inspections.
Role-based access control
8 distinct care-home roles with a fine-grained capability engine. Care workers' access is further gated by shift clock-in status.
HttpOnly session cookies
Session tokens are stored in HttpOnly, Secure, SameSite=Strict cookies. JavaScript cannot read them — XSS attacks cannot steal authentication tokens.
Penetration testing
We commission independent penetration testing annually. Full reports are available to Enterprise customers under NDA.
Compliance
Regulatory alignment
CareDeck is designed to meet the compliance expectations of UK health and social care regulation.
Responsible disclosure
Found a security issue? Please email security@caredeck.co.uk. We operate a responsible disclosure policy and will acknowledge your report within 24 hours. We do not take legal action against good-faith researchers.
Ready to simplify
CQC compliance?
Join care homes across the UK using CareDeck to keep residents, families and inspectors happy.
Free trial · No credit card needed · UK data residency