Security Overview
Last updated: 1 January 2024
This page is a high-level overview of how Microdoc approaches security and data protection. It is intended to describe our current operating posture, not to list every internal control or make certification claims beyond what we publish explicitly.
Core Safeguards
Encryption
Data is encrypted in transit and at rest.
Access controls
Access is restricted through authenticated accounts, role-based permissions, and additional controls such as multi-factor authentication where enabled.
Auditability
Key product and administrative workflows are designed to maintain visible audit records and operational logs.
Infrastructure
We use an EU-first hosting approach and approved service providers to operate the platform.
Operating Posture
- GDPR-aligned data handling
- HIPAA-ready deployment posture
- Customer data is not used to train machine learning models
- International transfers only where needed to operate the service with approved providers
Hosting and Transfers
Microdoc follows an EU-first hosting model. Some supporting providers may process data outside the EEA where this is necessary to deliver the service. In those cases, we use approved providers and appropriate contractual and technical safeguards.
Security Questions
For security questions, due diligence requests, or customer reviews, contact brian@microdoc.io.