Introduction

Rehab-Software is a software-as-a-service (SaaS) platform operated by Strategic Ventures. We are committed to maintaining strong security practices to protect data processed through our platform. This Security Page outlines the administrative, technical, and organisational measures implemented to safeguard user and operational information.

Security Governance

Security at Rehab-Software is managed through defined policies and internal controls designed to protect the confidentiality, integrity, and availability of data, reduce security risks, support regulatory and contractual obligations, and maintain operational resilience. Security practices are reviewed and updated periodically.

Infrastructure Security

Rehab-Software operates on a secure, cloud-based infrastructure designed for high availability and protection. Security measures include hardened server environments, network segmentation, firewall protections, secure cloud hosting environments, and regular system monitoring. Cloud providers are selected based on security, reliability, and compliance standards.

Access Control

Access to systems and data is restricted based on user roles and business necessity. Controls include unique user accounts, strong authentication mechanisms, role-based access control, and limited administrative privileges. Unauthorised access is actively monitored and prevented.

Data Protection

We implement safeguards to protect data throughout its lifecycle. Data in transit is protected through encrypted communication channels such as HTTPS and TLS and secure API connections. Data at rest is protected through encrypted storage where applicable, secure database configurations, and controlled backup systems.

Application Security

Rehab-Software follows secure development practices to reduce vulnerabilities. These practices include secure coding standards, internal testing and quality assurance, regular software updates, and structured patch management processes. Security vulnerabilities are prioritised and addressed promptly.

AI and Automation Security

AI-enabled features, including OCR, automation, and machine learning–assisted extraction, are secured through controlled processing environments, restricted model access, data isolation mechanisms, and human validation requirements. AI systems are designed for operational assistance and do not perform autonomous clinical decisions.

Monitoring and Incident Response

We maintain continuous system monitoring and defined incident response procedures. Monitoring includes performance tracking, security event logging, and suspicious activity detection. In the event of a security incident, immediate containment actions are taken, impact is assessed, affected customers are notified where required, and appropriate remediation steps are implemented.

Business Continuity and Backups

To ensure service reliability, we maintain regular data backups, redundancy mechanisms, disaster recovery procedures, and system restoration plans. These measures help minimise downtime and reduce the risk of data loss.

Employee and Vendor Security

Personnel with system access are subject to confidentiality obligations, role-based access restrictions, and security awareness practices. Third-party service providers are required to follow contractual security obligations, protect data confidentiality, and maintain reasonable security standards. Sub-processors are selected carefully based on security and compliance criteria.

User Security Responsibilities

Users are responsible for protecting their login credentials, using strong passwords, maintaining secure devices, and reporting suspected security issues. Failure to follow recommended security practices may increase the risk of unauthorised access or data compromise.

Compliance and Standards

Our security practices are aligned with GDPR data protection principles, industry-standard SaaS security frameworks, and healthcare software risk management practices. We do not misrepresent regulatory certifications unless they are formally obtained.

Limitations

While reasonable security measures are maintained, no system can be completely immune to cyber threats. Rehab-Software does not guarantee absolute security, and users acknowledge and accept the inherent risks associated with digital technologies.

Policy Updates

This Security Page may be updated periodically to reflect improvements, regulatory changes, or operational requirements. Revisions will be published on our website or platform, and continued use of the service constitutes acceptance of the updated policy.