Security and Data Protection

We take active measures to protect your personal data and all other information handled by the service. This page outlines our key security practices.

Encryption and Communication

  • All communication with the website is conducted via HTTPS (TLS 1.2 or higher).
  • Health data is encrypted in the database.
  • Key management is handled via Azure Key Vault, with a separate key per clinic.

Authentication and Access

  • Login is handled via Azure AD B2C with support for multi-factor authentication (MFA).
  • Practitioners are required to use MFA.
  • MFA is optional for clients.
  • Access control is enforced using role-based access control (RBAC).

Hosting and Storage Environment

  • The service is hosted in Azure App Service within the EU/EEA.
  • Data is stored in Azure PostgreSQL Flexible Server.
  • Uploaded files (e.g., logos) are stored in Azure Blob Storage with private access.

Internal Processes and Logging

  • Key actions are logged to detect unauthorized access.
  • Administrative accounts are protected and limited to the minimum necessary permissions.
  • Regular security reviews and updates are performed.

Report a Security Issue

Do you suspect a security problem? Please contact us immediately at: [email protected]
