Your clients' trust is our architecture
Every security decision in Eunoia was made because mental health records deserve the highest standard of protection.
Security by design
Encryption at rest
AES-256 encryption for all stored clinical records, files, and assessment data.
Encryption in transit
TLS 1.3 for all API calls, file transfers, and client-server communication.
UK & EU data residency
All clinical data is stored on servers within the UK or EEA. No third-country transfers.
Role-based access control
Therapists, patients, and supervisors each see only what they are permitted to see.
Immutable audit trail
Every access, edit, share, and export is logged with timestamp, user ID, and action type.
Multi-tenant isolation
Each practice's data is completely isolated. No shared tables for clinical records.
UK GDPR compliant
Built to UK GDPR and ICO guidance from day one — not retrofitted after the fact.
Right to erasure support
Technical capability to fulfil data subject requests with appropriate legal retention caveats.
How we handle clinical data
Mental health records are Article 9 special category data under UK GDPR. We process them under the healthcare provision lawful basis, with explicit client consent. This means stricter obligations — and stricter standards.
Regulatory compliance
Questions about security? Contact us at security@eunoia.app