Compliance by architecture, not by afterthought.
Docze handles sensitive health information. The way we handle it is one of the things we will not compromise on.
Encrypted in transit and at rest.
All data exchanged with Docze travels over HTTPS. Patient data, clinical notes, billing records, and uploaded documents are encrypted at rest by our European cloud infrastructure.
European cloud, by default.
Docze runs on European cloud infrastructure. No data leaves the EU in normal operation.
Least privilege, everywhere.
Inside Docze, role-based access controls restrict every user to the data they actually need. Sessions time out automatically, and idle accounts lock.
A record of what happened.
Docze keeps an audit trail of meaningful actions across the platform — appointments created, charts edited, prescriptions issued, invoices generated.
Honest, in writing.
If something goes wrong, we tell affected customers as soon as we confirm the issue, and follow the GDPR breach-notification process.
GDPR by architecture.
Docze was designed against the GDPR from day one. We sign a Data Processing Agreement with every customer, and the DPA is available on request before any contract is signed.
Request our DPASpecific questions, due diligence, or DPA review.
Send security-specific questions to hello@docze.com with subject "Security". For general questions, use the contact page.
Contact security