CALLENDOC DATA SECURITY POLICY - HEALTHCARE PROFESSIONAL VERSION

Last Updated: November 2025

This Data Security Policy outlines the comprehensive measures CALLENDOC implements to protect the professional accounts, patient data, and consultation records of healthcare professionals. We are committed to maintaining enterprise-grade security standards compliant with UK data protection laws and professional regulations.

1. SECURITY OVERVIEW

CALLENDOC employs a multi-layered security approach:

  • End-to-End Encryption for professional records
  • Infrastructure Protection against cyber threats
  • Strict Access Controls limiting staff and provider access
  • Incident Response Procedures for breaches
  • Regular Security Audits and compliance testing
  • Employee Training & Confidentiality agreements
  • Automated Data Backup & Recovery systems
  • Physical & Environmental Controls in data centers

2. ENCRYPTION & DATA TRANSMISSION

2.1 IN-TRANSIT ENCRYPTION

SSL/TLS Protocol

  • All data transmitted between your device and our servers is encrypted with TLS 1.2 or higher
  • Industry standard: 256-bit encryption
  • Banking-level security standards
  • Prevents eavesdropping and unauthorized interception

HTTPS Enforcement

  • All pages require secure HTTPS connection
  • Insecure HTTP connections are automatically redirected
  • Browser displays security indicators for secure connection

Professional Communications Encryption

  • Consultation notes and professional records encrypted
  • Provider-to-patient communications encrypted
  • Financial transaction data encrypted

2.2 DATA AT-REST ENCRYPTION

Database Encryption

  • All professional records encrypted using AES-256
  • Encryption keys stored separately from data
  • Automatic encryption applied to all new records

Backup Encryption

  • Backup copies encrypted with industry standards
  • Professional data backed up with full encryption
  • Archive data encrypted and tested regularly

3. INFRASTRUCTURE SECURITY

3.1 CLOUD INFRASTRUCTURE

Server Locations

  • Primary servers in UK data centers
  • Backup servers in EU-compliant facilities
  • Professional data remains in UK/EEA

Protection Measures

  • DDoS protection and mitigation
  • Web Application Firewalls
  • Network segmentation
  • Regular vulnerability scanning

Availability & Redundancy

  • Load balancing for continuous service
  • Automatic failover systems
  • Multiple data center locations
  • Uptime commitment: 99.5% (SLA)

3.2 PHYSICAL SECURITY

Data Centers

  • ISO 27001 certified facilities
  • 24/7 surveillance and monitoring
  • Restricted physical access (biometric entry)
  • Environmental controls (fire suppression, climate)
  • On-site security personnel

3.3 NETWORK SECURITY

Firewalls & Detection

  • Enterprise firewalls on all perimeters
  • Intrusion Detection Systems
  • Intrusion Prevention Systems
  • Regular firewall rule updates

Monitoring

  • 24/7 network traffic monitoring
  • Automated alerts for suspicious activity
  • Incident response protocols
  • Security Information & Event Management

4. ACCESS CONTROLS

4.1 PROFESSIONAL ACCOUNT SECURITY

Access Restrictions

  • Only you or authorized staff may access your account
  • Login credentials are personal and non-transferable
  • Valid email and password required for access

Password Requirements

  • Minimum 12 characters recommended
  • Combination of uppercase, lowercase, numbers, symbols
  • Passwords hashed using bcrypt (never stored in plain text)
  • You are responsible for password confidentiality

Account Lockout

  • Multiple failed login attempts trigger automatic lockout
  • Account locked for 30 minutes or until manual unlock
  • Security verification required for suspicious access
  • Email confirmation for unusual login attempts

Session Management

  • Automatic timeout after 30 minutes of inactivity
  • Secure session tokens with limited validity
  • Session invalidation on logout
  • Session limits (1-3 concurrent sessions per professional account)

Multi-Factor Authentication

  • MFA available for enhanced security
  • Methods: SMS, Email, Authenticator app
  • Highly recommended for all professional accounts
  • Mandatory for certain account types

4.2 STAFF ACCESS CONTROLS

Role-Based Access

  • Staff have access only to the data necessary for their role
  • Callendoc staff cannot access professional fees without authorization
  • Support staff cannot access consultation notes
  • All access logged and monitored

Offboarding

  • All access revoked immediately upon termination
  • Passwords changed for shared accounts
  • Access logs reviewed for unusual activity

5. BACKUP & DISASTER RECOVERY

5.1 BACKUP PROCEDURES

Automatic Backups

  • Daily automated backups of all professional data
  • Backup copies retained for minimum 6 months
  • Geographic redundancy across locations
  • Incremental and full backups scheduled

Backup Security

  • Backups encrypted with AES-256
  • Backup access restricted to authorized personnel
  • Backup locations physically secured
  • Regular integrity testing

5.2 DISASTER RECOVERY

Recovery Plan

  • Documented Disaster Recovery Plan (DRP)
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour
  • Quarterly testing with dry-run exercises

Your Data Protection

  • You may request historical data restoration
  • Data restoration available for records up to 6 months old
  • Processing time: 5-10 business days

6. THIRD-PARTY SECURITY

6.1 VENDOR MANAGEMENT

Processor Requirements

  • All processors require Data Processing Agreements (DPA)
  • Must meet GDPR and UK standards
  • Annual security assessments
  • Right to audit processor systems

Payment Processors

  • PCI DSS Level 1 compliance
  • No storage of banking credentials
  • Payment data encrypted and tokenized
  • Regular penetration testing

Cloud Providers

  • ISO 27001, SOC 2 Type II certified
  • UK and EU data center locations
  • Contractual data protection guarantees
  • Continuous compliance monitoring

6.2 SUB-PROCESSORS

Infrastructure: AWS (EU/UK regions)
Payments: Stripe, PayPal
Communications: SendGrid, Twilio
Analytics: Google Analytics

Complete sub-processor list available upon request.

7. INCIDENT RESPONSE

7.1 INCIDENT MANAGEMENT

Detection & Response

  • 24/7 security monitoring and alerts
  • Incident response team on-call
  • Investigation within 2 hours of detection
  • Severity levels: Critical, High, Medium, Low

Response Procedures

  • Immediate containment of affected systems
  • Investigation to determine scope
  • Remediation of vulnerabilities
  • Notification if your data is affected

Notification

  • If your professional data is breached, you are notified within 72 hours
  • UK GDPR requirement
  • Notification includes scope and remediation steps

8. SECURITY AUDITS & TESTING

Regular Reviews

  • Monthly access and activity log reviews
  • Quarterly security configuration reviews
  • Bi-annual penetration testing
  • Annual full security assessments

Third-Party Audits

  • Annual penetration testing by accredited firm
  • Annual vulnerability assessments
  • SOC 2 Type II audits (annually)
  • ISO 27001 certification (target)

9. EMPLOYEE SECURITY

Training

  • Mandatory data protection training for all staff
  • Annual refresher training
  • Role-specific security training
  • Training covers: data handling, incident response, professional regulations

Confidentiality

  • All staff sign strict confidentiality agreements
  • Non-disclosure of professional data
  • Proper handling of credentials
  • Breach results in termination and legal action

Vetting

  • Background checks for all hires
  • Reference verification
  • Ongoing suitability monitoring

10. REGULATORY COMPLIANCE

Data Protection Compliance

  • UK GDPR compliance
  • Data Protection Act 2018
  • Privacy by Design methodology
  • Data Protection Impact Assessments

Professional Regulations

  • GMC, GDC, HCPC compliance
  • Professional conduct standards
  • Healthcare law compliance

Security Standards

  • OWASP Top 10
  • NIST Cybersecurity Framework
  • ISO 27001
  • PCI DSS

11. SECURITY INCIDENT CONTACTS

To report a security issue:

Email: [email protected]
Include: Description of issue, affected systems, impact, date/time, documentation
Response: Within 24 hours guaranteed

Data protection concerns:

Email: [email protected]

12. YOUR SECURITY RESPONSIBILITIES

  • Maintain confidentiality of login credentials
  • Use strong, unique passwords
  • Enable Multi-Factor Authentication
  • Do not share account access
  • Log out when using shared devices
  • Report suspicious activity immediately
  • Keep contact information current
  • Review your activity logs

13. UPDATES TO THIS POLICY

We regularly update this policy for:

  • Emerging threats and best practices
  • Regulatory changes
  • Technology improvements
  • Audit findings

Changes are notified via email and website announcement.

14. CONTACT INFORMATION

For security and data protection inquiries:

Security Questions: [email protected]
Data Protection Officer: [email protected]
Privacy Inquiries: [email protected]
Mailing Address: Callendoc, London, United Kingdom
Response Time: Within 5 business days

This Data Security Policy complies with:

  • UK General Data Protection Regulation (GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Professional Conduct Standards (GMC, GDC, HCPC)
  • ISO 27001 Information Security Standards


© 2025 Callendoc Ltd All rights reserved.
