Security is essential when handling sensitive social care information. This page summarizes technical and organizational measures aligned with GDPR Article 32. For full details on personal data processing, see our Privacy Policy & GDPR.
Infrastructure
CareTrack runs on hardened cloud infrastructure with network segmentation, firewalls, and regular patching. Production environments are separated from development environments. Data is encrypted at rest and in transit using industry-standard encryption.
Access control
Role-based access control scopes the permissions of staff, family, and administrator accounts. Multi-factor authentication options and OAuth sign-in reduce credential risk. Access to production systems is restricted to authorized personnel on a need-to-know basis.
Application security
We follow secure development practices, including dependency monitoring and security testing. User sessions are protected against common web vulnerabilities. AI features require human review before casework outputs affect families, as described in our privacy documentation.
Monitoring and incident response
Audit logs record significant actions. We maintain incident response procedures, including breach notification to customers and supervisory authorities under GDPR Articles 33–34 where applicable.
Compliance and subprocessors
Subprocessors are assessed and bound by data protection agreements. We support customers with DPIAs and GDPR compliance documentation on request. Finnish and EU data protection requirements are considered in vendor selection and data location decisions.