Security
← Back to ResourcesEncryption overview
Handover records are sensitive by definition, so encryption is not optional anywhere in the pipeline. This page is a high-level overview of how data is protected in transit and at rest, not a certification claim.
01 ···· 03
In transit
Connections between clinician devices, the Handovex backend, and supporting services are made over TLS. Live audio streams and record reads travel encrypted.
02 ···· 03
At rest
Primary data stores apply AES-256 encryption at rest, covering the clinical record database and stored audio. Encryption at rest is provided at the infrastructure layer and is always on.
03 ···· 03
Key and secret handling
Service credentials are held server-side and never shipped to the browser. API keys can be isolated per clinic, so one organisation’s credentials are never shared with another.