Security

Data residency

Customer data is stored on infrastructure located in the United Kingdom and European Union (London region). We do not move personal data outside the UK or EEA without an appropriate safeguard in place.

Encryption

All traffic to Veri-Shift is encrypted in transit using TLS. Data is encrypted at rest by our database and file-storage providers.

Access control

Access to your organisation data is restricted by role — owner, superuser, manager and admin — and every member only sees the organisation they belong to. Locum documents are held in private storage and are never publicly accessible.

Payments

Card payments are processed by Stripe. Veri-Shift never sees or stores your full card details.

Sub-processors

We rely on a small set of established providers for hosting, database, file storage, email and payments. A current list is available on request to security@veri-shift.co.uk.

Reporting a problem

If you believe you have found a security issue, please email security@veri-shift.co.uk and we will respond promptly. Please do not disclose it publicly until we have had a chance to address it.