Data security

We take data privacy and security seriously and are trusted by nearly 600 clinics, over 1.2 million patients and 5,500 doctors. 


Frequently asked questions

We use Microsoft Azure Data Centres to store and process personal data. For our Enterprise Customers, we ensure all data is stored and processed at the Microsoft Azure Data Centre closest to the customer. We have data centres in the UK, EU, USA and Australia.

FollowApp is ISO 27001 certified and therefore has a Security Breach plan that places obligations on staff to report actual or suspected breaches of personal data security and; sets out a procedure for managing and recording actual or suspected breaches. The plan applies to all staff and to all personal data and sensitive Personal Health Information (PHI) held by FollowApp. FollowApp also implements additional security measures which notify us upon any suspicious activities against our data and/or services.

To protect the service against network-based attacks, we use Basic DDoS Protection and Mac Spoofing Protection with our Cloud Service, Microsoft Azure.

All data stored in our SQL databases, all logging data, all blob/file data and all queue messages & other emphemeral data are encrypted at rest, using the cloud provider’s service-side key store.

All connections, internal and external are done via a SSL (HTTPs) Connection.

In SQL Azure, database backups are executed automatically as a part of the service. This is a service offered when you create a SQL Azure database and the first full backup occurs immediately after creation of the database. FollowApp uses’s Azure Storage Accounts setup with Read-access geo-redundant storage (RA-GRS). For a storage account with RA-GRS enabled, all data is first replicated with locally-redundant storage (LRS). An update is first committed to the primary location and replicated using LRS. The update is then replicated asynchronously to the secondary region using GRS. When data is written to the secondary location, it is also replicated within that location using LRS.

We use Identity Server as our base for Authorisations and Roles/Permissions to allow users access into our platform, all of this can and is managed via our Web App.

You can read our full security policy here.

Do you have a question that is not answered here?