IndieBase
Toggle sidebar
Table of Contents
Data Security
security
encryption
gdpr
How IndieBase protects your data
Data Security
IndieBase implements comprehensive security measures to protect sensitive patient and operational data.
Encryption
Data at Rest:
- Patient names and addresses encrypted in database
- Encryption using Laravel's encryption
- Secure key management
- Database-level encryption available
Data in Transit:
- HTTPS/TLS encryption for all connections
- Secure API communication
- Encrypted synchronization
Access Control
- Authentication - Secure login with optional 2FA
- Authorization - Role-based access control
- Session Management - Secure session handling
- Audit Logging - Complete access audit trails
GDPR Compliance
User Rights:
- Right to access data
- Right to rectification
- Right to erasure (with exceptions for medical records)
- Right to data portability
- Right to object
Data Minimization:
- Only essential data collected
- PID configurable per team
- Retention policies enforced
- Automatic data cleanup
Data Storage
UK/EU Hosting:
- Servers located in UK/EU
- GDPR-compliant hosting
- Regular backups
- Disaster recovery plans
Data Retention:
- Configurable per team
- Medical record retention requirements respected
- Automatic archiving
- Secure deletion when appropriate
Security Measures
- Regular security audits
- Penetration testing
- Vulnerability scanning
- Security updates and patches
- Incident response procedures
Reporting Security Issues
If you discover a security concern:
- Email: support@indiebase.net
- Subject: "SECURITY CONCERN"
- Confidential handling
- Prompt investigation
Related: Contracts and Policies