This page is maintained by PathoSense Healthtech Limited to answer common security and privacy questions about the PathoSense platform. It is not a certification; ask us for our latest DSPT submission or audit summary.
Hosting and isolation
All customer data is hosted in UK or EU regions. Each customer organisation has its own tenant; access is enforced at the database layer through row-level security and a dedicated audit log.
Encryption
Data is encrypted in transit with TLS 1.2 or higher and at rest using AES-256 managed keys.
Access control
Four built-in roles — Care Worker, Registered Manager, Quality Director and Administrator — gate every clinical and administrative surface. Sessions are short-lived and refreshable.
Audit
Every clinical decision, configuration change and export is recorded in an immutable audit trail and exportable as a regulator-ready pack.
Vulnerability disclosure
Please report security issues to security@pathosense.org.uk. We respond within two business days.