Trusted with the most sensitive data there is
Care records are among the most personal data there is. CareSpace is built to protect them at every layer, and to give you the evidence inspectors ask for.
MFA by default
Authentication on Amazon Cognito with mandatory time-based one-time-password (TOTP) MFA for every user, including first-time enrolment.
Role-based access
Eight roles with strict route-level gating, people only ever see the residents, records and tools their role permits.
Full audit trail
Every create, update and view is logged, giving you inspection-ready evidence on demand.
Tenant isolation
Each organisation's data is isolated within the platform, so one service can never see another's information.
Hardened delivery
A fully static front-end served over HTTPS via Amazon CloudFront, a deliberately small attack surface, with no server to breach.
Least-privilege by design
From the login screen to the audit log, access is scoped to the minimum each person needs to do their job.
Security built in, not bolted on
- Mandatory multi-factor authentication (TOTP) for every user
- Eight roles with strict, route-level access control
- Per-organisation data isolation across the platform
- Complete, queryable audit trail of every action
- Served over HTTPS via Amazon CloudFront
- Built on Amazon Web Services infrastructure
Your data stays in the UK
CareSpace runs on Amazon Web Services in the UK, with data encrypted in transit. Care records never leave the region, helping you meet your own data-protection and information-governance obligations.
Have a security or DPO question?
We're happy to walk your team through how CareSpace handles authentication, access and audit. Book a call and bring your checklist.