Security & data protection
Tenant isolation
Every clinical record is scoped to an organisation and facility. Isolation is enforced at the application layer (server-side scope checks that return “not found” rather than revealing another tenant's data) and, on PostgreSQL, by database-level Row-Level Security - so Hospital A cannot read Hospital B's data, and isolation holds across states and countries.
Encryption
Data is encrypted in transit (TLS) and at rest. Passwords are stored only as salted hashes, multi-factor secrets are encrypted, and offline data cached on devices for community/CHW workflows is encrypted on the device.
Access control & authentication
Access is governed by role-based access control with fine-grained permissions and six scope levels. Sessions are bound to a membership; revoking access cuts active sessions and sync devices immediately. Multi-factor authentication is required for elevated roles, and accounts are protected by rate limiting and lockout on repeated failed attempts.
Tamper-evident audit trail & patient agency
Every access to a clinical record is logged in a tamper-evident, hash-chained audit trail, and “break-glass” emergency access requires a reason and is reviewed. Patients can use the portal to view their own records, see who accessed them and when, request corrections, and manage consent - supporting the transparency rights in the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR).
Resilience
The platform supports durable background processing, an optional read replica, S3-backed attachment storage, and an offline-first path so that low-connectivity workflows continue and sync when a connection returns. Operators run regular backups and disaster-recovery drills as part of production deployment.
Data-protection alignment
The platform is built to support each country's data-protection law - the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR) in Nigeria, POPIA in South Africa, the Data Protection Act in Ghana and Kenya, and equivalents elsewhere - including data-subject access and breach-notification workflows. We describe our handling of personal data in the Privacy Policy and our processing commitments in the Data Processing Agreement. We continue to mature our independent assurance posture; we do not claim certifications we do not hold.
Responsible disclosure
If you believe you have found a security vulnerability, please report it privately to hello@chartchronicle.com. We ask that you give us a reasonable opportunity to investigate and remediate before public disclosure, and that you do not access, modify or delete data that is not yours. We will acknowledge legitimate reports and keep you informed.
Contact
For security questions, due-diligence requests or our security documentation, email hello@chartchronicle.com or contact our team.