Security & trust
Handled with the care you'd give a client.
Clinical data is some of the most sensitive there is. TheraPlatform treats it that way — starting with the architecture.
Tenant isolation
Every tenant's data lives behind row-level policies. Nothing crosses tenant boundaries — enforced in the database, not just the app.
Role-based access
Fine-grained roles (tenant admin, clinical director, practitioner, receptionist, finance, client). Sensitive records — safeguarding, incidents — are gated further.
Encryption
TLS in transit; AES-256 at rest for records, notes and attachments. Session tokens are short-lived and rotate on privilege changes.
Audit log
Every read of a clinical record, every export, every role change — immutably logged and available to tenant admins.
Backups & DR
Encrypted daily backups, point-in-time recovery within 7 days, and quarterly disaster-recovery drills.
Vendor hygiene
Sub-processors are limited, disclosed and reviewed annually. DPAs available on request.
Jurisdiction packs
Compliance shaped to your country, not the other way round.
United Kingdom
Active
UK-GDPR aligned, ICO-registered data controller, BACP/HCPC-friendly clinical templates. UK data residency available on Growth+.
United States
Active
HIPAA-aware infrastructure, BAAs available, US-region hosting, clinical templates aligned with common state licensure boards.
Nigeria
Active
NDPR-aligned processing, Paystack for local payments (₦), Naira invoicing, and clinical templates suited to Nigerian practice.
This page is maintained by TheraPlatform to answer common security and privacy questions. It is not an independent certification. For a security review or DPA, please contact us.