Data Security
IndieBase implements comprehensive security measures to protect sensitive patient and operational data.
Encryption
Data at Rest:
- Patient names and addresses encrypted in database
- Encryption performed with Laravel's encryption services
- Secure key management
- Database-level encryption available
Data in Transit:
- HTTPS/TLS encryption for all connections
- Secure API communication
- Encrypted synchronization
Access Control
- Authentication - Secure login with optional 2FA
- Authorization - Role-based access control
- Session Management - Secure session handling
- Audit Logging - Complete access audit trails
GDPR Compliance
User Rights:
- Right to access data
- Right to rectification
- Right to erasure (with exceptions for medical records)
- Right to data portability
- Right to object
Data Minimization:
- Only essential data collected
- PID configurable per team
- Retention policies enforced
- Automatic data cleanup
Data Storage
UK/EU Hosting:
- Servers located in UK/EU
- GDPR-compliant hosting
- Regular backups
- Disaster recovery plans
Data Retention:
- Configurable per team
- Medical record retention requirements respected
- Automatic archiving
- Secure deletion when appropriate
Security Measures
- Regular security audits
- Penetration testing
- Vulnerability scanning
- Security updates and patches
- Incident response procedures
Reporting Security Issues
If you discover a security concern: