apptmint

Security

Your data is safe with us

Built for UK healthcare and professional services. GDPR compliant, ICO registered, hosted in the UK and EU.

ICO Registered
UK GDPR Compliant
Data Protection Act 2018
ISO 27001 Infrastructure
TLS 1.3 Encrypted
UK/EU Data Residency

Data Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database backups are encrypted with separate keys. Encryption keys are rotated regularly and managed through a dedicated key management service.

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted database backups
  • Regular key rotation

GDPR Compliance

Apptmint is designed from the ground up to meet the requirements of the UK GDPR and the Data Protection Act 2018. We process personal data lawfully, transparently and for specified purposes only.

  • Lawful basis for all data processing
  • Data minimisation by default
  • Right to access and deletion built in
  • Data Processing Agreements available
  • Privacy Impact Assessments conducted

ICO Registration

Apptmint Ltd is registered with the Information Commissioner's Office (ICO) as a data controller and data processor. Our registration is kept current and our data protection practices are reviewed annually.

  • Registered data controller and processor
  • Annual review of data protection practices
  • Designated data protection point of contact
  • Breach notification procedures in place

UK and EU Hosting

All customer data is hosted on infrastructure located within the UK and EU. We do not transfer personal data outside of these jurisdictions. Our infrastructure providers maintain ISO 27001 certification.

  • UK and EU data centres only
  • No international data transfers
  • ISO 27001 certified infrastructure
  • 99.9% uptime SLA

Access Controls

Role-based access controls ensure that staff only see the data they need. Clinical notes, financial records and client data can be restricted per role. All access is logged and auditable.

  • Role-based permissions
  • Per-therapist data isolation
  • Audit logging on all access
  • Two-factor authentication available
  • Session timeout controls

Backup and Recovery

Backups run automatically every day and support point-in-time recovery. Backups are stored in a separate geographic region within the UK/EU. Recovery procedures are tested quarterly.

  • Automated daily backups
  • Point-in-time recovery
  • Geographically separate backup storage
  • Quarterly recovery testing
  • 30-day backup retention

Questions about security?

Our team can walk you through our security practices and provide any documentation you need.
