Security & Data

At Carefolk, we take the security and privacy of our user's data very seriously.
This focus is a core pillar of our culture.

Data Protection

Privacy & Data

At Carefolk, we guarantee that the privacy of your information will be protected.
We will not access it, modify it, copy it, or delete it, unless you give us expressed permission to do so.
If you ever leave us, we will remove all copies of it on your instruction.

Data Security

Security of your data is our highest priority.
To safeguard data Carefolk aligns with industry best practices for protecting confidentiality and data integrity.
This is equivalent to the data security methods used in banking.
Secure access over HTTPS (SSL) is provided with
Data is encrypted in transfer, and encrypted at rest.

User Access and Authentication

Security of your data is our highest priority.
Each user in has a unique account protected with a password. This account is tied to a verified email address that must be entered when a user logs in.
Carefolk uses an industry-leading user authentication technology to ensure secure access control.

Restricted access by Carefolk Personnel

Carefolk has strict controls that restrict access to our data center infrastructure.
We strictly regulate access and passwords to the few team members that need access for troubleshooting and providing support, and we keep a log of all access.

Antivirus and Anti-malware

Software components hosted on Microsoft Azure Cloud Services must go through a virus scan prior to deployment.
Carefolk code is not moved to production without a clean and successful virus scan. 

Physical Security


We host within Microsoft's Azure Cloud Services environment. These world-class data centers contain Carefolk's web/application servers, file servers, and databases. 
Each center facility is designed to run 24x7x365 and employs various measures to protect operations from power failure, physical intrusion, and network outages.
The data centers comply with industry standards, such as ISO 27001, FedRAMP, SOC 1 and SOC 2, for physical security and availability, and are regularly SSAE-18 audited.

Data Center Building Security

Denial of Service Protection is hosted on Microsoft's Azure Cloud Services environment.
Azure has a defense system against Distributed Denial-of-Service (DDoS) attacks on Azure platform services. It uses standard detection and mitigation techniques.
Azure's DDoS defense system is designed to withstand attacks generated from outside and inside the platform.