Patient data deserves a higher bar.
Every architectural choice we make starts with one question: would I trust this with my own mother's chart?
HIPAA-aligned
LiveAdministrative, physical, and technical safeguards. BAAs available on Business+.
GDPR-ready
LiveSubject access, deletion, and portability built-in. EU residency on Enterprise.
SOC 2 Type II
In progressAudit underway with a Big 4 partner. Report available under NDA late 2026.
ISO 27001
Planned 2027Information security management system roadmap.
DHA compliant
LiveAligned to Dubai Health Authority data residency rules.
How we keep data safe.
The six controls every MeadyCare tenant gets — at every price tier.
Tenant isolation
Every row carries a tenant_id. Postgres row-level security enforces it on every read and write — even for our admins.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Signed URLs for attachments. Secrets in a managed vault, never in code.
Audit log on every write
Who did what, to which record, when, from which IP. Exportable. Immutable. Always on.
Role-based access
Granular roles per tenant: superadmin, company admin, caregiver, family. Least-privilege by default.
Data residency
GCC by default. EU and UK regions available on Enterprise. Custom residency on request.
Backups & recovery
Point-in-time recovery to any second in the last 7 days. Full daily backups retained 30 days.
Legal documents
Privacy Policy, Terms of Service, Data Processing Addendum, and Business Associate Agreement available on request.
- Privacy Policy
- Terms of Service
- Data Processing Addendum (DPA)
- Business Associate Agreement (BAA)
- Subprocessor list
Status page: all systems operational. We publish incidents publicly within 24 hours.