Security

Healthcount handles health-related data, so security is a foundational concern. This page describes the measures in place to protect data at rest and in transit.

Encryption

  • All data is encrypted in transit using TLS (HTTPS)
  • Data at rest is encrypted using AES-256
  • Database connections are encrypted and access-controlled

Access control

  • User authentication is handled via secure, industry-standard protocols
  • Role-based access ensures users can only access their own data
  • Administrative access is restricted and logged
  • API routes are protected with authentication checks and CSRF protection

Auditability

  • Audit logs track access to sensitive data and administrative actions
  • Infrastructure is monitored for anomalies and security events

Infrastructure

  • Hosted on secure, SOC 2-compliant cloud infrastructure
  • Security headers configured to prevent common web vulnerabilities (XSS, clickjacking, MIME sniffing)
  • HSTS enabled with preloading for strict HTTPS enforcement

Responsible disclosure

If you believe you have found a security vulnerability, please report it responsibly. Contact us at the address listed on our contact page.

Questions about security?

We're happy to discuss our security approach in detail during a pilot conversation.