At EyeBooked, data protection isn’t an afterthought; it’s the foundation of everything we do. We understand how critical it is for healthcare providers to keep patient information safe, secure, and compliant with modern standards. This page outlines the key security measures and protocols EyeBooked has in place to protect your clinic and your patients.
Hosting Infrastructure (UK-Based AWS)
EyeBooked is hosted on Amazon Web Services (AWS), a globally trusted cloud platform.
- UI and backend systems are hosted on AWS EC2 instances with a load balancer
- Data is stored in a secure RDS database, also on AWS
- All infrastructure is hosted in UK-based AWS data centers, certified to ISO 27001 standards
- All communication is secured with SSL encryption
Bank-Level Encryption
We use industry-leading encryption to protect data both at rest and in transit:
- AES-256 encryption secures stored data
- TLS 1.3 protects data in transit
- Encryption certificates use:
  - RSA 2048-bit private key algorithm
  - SHA-256 signing algorithm
This ensures every piece of data remains protected from unauthorized access.
Access Controls & Authentication
EyeBooked includes several layers of user access control:
- Multi-Factor Authentication (MFA) is supported for both:
  - Clinic users on the Business Portal
  - Patients using the Public Booking Portal
- Role-based access control on the Business Portal limits access based on staff roles
- All login sessions are protected via SSL/TLS
Privacy & Compliance
We are committed to transparency and compliance with UK and EU data laws. EyeBooked offers:
These policies outline how we collect, process, and protect personal data in full compliance with GDPR.
Operational Security & Payments
We've integrated secure, industry-standard tools for payment and data management:
- Stripe is our payment processor, fully PCI DSS compliant
- Daily backups of data are performed automatically by AWS and stored securely in the London AWS region
- Server and database access is tightly restricted using AWS IAM roles and policies
Incident Response & Uptime
We are committed to keeping EyeBooked running securely and reliably:
- Our hosting provider (AWS) offers 99.99% uptime, backed by a formal Service Level Agreement (SLA)
- In the rare event of an outage or data issue, our Terms & Conditions and Data Processing Policy outline existing protections
- We're currently enhancing our incident response plans for even faster recovery and notification
Summary Table
Area | Measures |
---|---|
Hosting | AWS UK (ISO 27001 certified) |
Encryption | AES-256 (at rest), TLS 1.3 (in transit) |
Authentication | MFA, SSL, role-based access |
Compliance | GDPR, Data Processing & Privacy Policies |
Backups | Daily via AWS, UK region |
Payments | Stripe (PCI compliant) |
Uptime | 99.99% SLA via AWS |
Need Help?
Have questions about how your patient data is handled? Visit our support section or reach out to us directly. We're here to help.