Security & Data

At Carefolk, we take the security and privacy of your data very seriously.
This focus is a core pillar of our culture.

Data Protection

Privacy & Data

At Carefolk, we guarantee that the privacy of your information will be protected.
We will not access it, modify it, copy it, or delete it, unless you give us expressed permission to do so.
If you ever leave us, we will remove all copies of it on your instruction.

Data Security

Security of your data is our highest priority.
To safeguard you and your client's data Carefolk aligns with industry best practices for protecting confidentiality and data integrity.
This is equivalent to the data security methods used in banking.
Secure access over HTTPS (SSL) is provided with all domains.
Data is encrypted in transfer, and encrypted at rest.
Carefolk Pro data is backed up continuously over a 35 day retention period.

User Access and Authentication

Security of your data is our highest priority.
Each user in has a unique account protected with a password. This account is tied to a verified email address that must be entered when a user logs in.
Carefolk uses an industry-leading user authentication technology to ensure secure access control.
Once signed into a domain on Carefolk Pro, each user is limited in actions to those assigned by the Domain Manager (Care Manager) through role level rights and permissions.

Restricted access by Carefolk Personnel

Carefolk has strict controls that restrict access to our data center infrastructure.
We strictly regulate access and passwords to the few team members that need access to data for troubleshooting and providing support, and we keep a log of all access.

User roles for your team

We have built user roles into Carefolk Pro for you and your team which enables you to allocate different levels of access.
You also have full control to add and remove users if you wish.
For more information on Carefolk User Roles within your team, or company, see User Roles Explained.

Carefolk Pro Data Back-up

Carefolk data is backed up continously, and retained for a 35 day period. You can rest easy knowing that nothing will be lost.

Antivirus and Anti-malware

Software components hosted on Microsoft Azure Cloud Services must go through a virus scan prior to deployment.
Carefolk code is not moved to production without a clean and successful virus scan. 

Physical Security


We host within Microsoft's Azure Cloud Services environment. These world-class data centers contain Carefolk's web/application servers, file servers, and databases. 
Each center facility is designed to run 24x7x365 and employs various measures to protect operations from power failure, physical intrusion, and network outages.
The data centers comply with industry standards, such as ISO 27001, FedRAMP, SOC 1 and SOC 2, for physical security and availability, and are regularly SSAE-18 audited.

Data Center Building Security

Denial of Service Protection is hosted on Microsoft's Azure Cloud Services environment.
Azure has a defense system against Distributed Denial-of-Service (DDoS) attacks on Azure platform services. It uses standard detection and mitigation techniques.
Azure's DDoS defense system is designed to withstand attacks generated from outside and inside the platform.