
Security controls medical practitioners can trust

Here’s how we keep your data safe and secure.

Cloud infrastructure

Pabau uses DigitalOcean as our cloud infrastructure provider, which implements strong technical controls to protect your data. 

Secure payment processing

Pabau securely processes transactions using Stripe, a leading payment platform with the highest level of PCI compliance. 

We don’t store or access credit card details. Stripe encrypts card data, restricts internal access, and ensures secure communication over HTTPS/TLS.

Comprehensive security best practices for your peace of mind

Cloud-based hosting

Pabau's cloud-based platform is safeguarded by advanced security measures designed to protect your data at every level. 

From secure server hosting and two-factor authentication to firewalls and regular security updates, our infrastructure ensures the highest standards of protection and scalability. 

Data encryption 

Pabau ensures data security by encrypting data at rest using LUKS and AES-256, with encryption managed by our third-party provider, DigitalOcean. To protect data in transit from interception or tampering, we use TLS encryption.

These security measures help prevent breaches, safeguard sensitive information, and ensure compliance with industry standards such as PCI and HIPAA.

Daily back-ups

Pabau performs daily data backups, with files securely stored in multiple locations.

We retain backups for six months, ensuring data integrity, facilitating analysis, and allowing for the recovery of patient files in case of accidental alterations or deletions.

Incident response plans

Pabau follows industry best practices by implementing proactive monitoring, data encryption, and secure backups.

In the event of an incident, we have defined protocols to assess risks, mitigate threats, and restore data efficiently, ensuring minimal disruption and compliance with security standards like HIPAA and PCI.

Regular security audits

At Pabau, security is a fundamental priority. Our platform is hosted in highly secure facilities that undergo regular, rigorous assessments.

We implement multiple layers of protection, including 24/7 surveillance, access controls, advanced encryption, and continuous monitoring to safeguard your data.

How we ensure patient data stays safe

Running a medical spa or healthcare business means processing sensitive patient data every day. That’s why Pabau provides robust security tools to ensure your data remains safe, secure, and accessible only to authorized personnel. 

Two-factor authentication

Two-factor authentication (2FA) in Pabau adds an extra layer of security. 

Users must enter a 6-digit code, sent to their mobile phone, along with their username and password in order to log in.

Role-based authorization

With role-based authorization, medical personnel can control access to confidential patient data in Pabau and restrict patient records to themselves only or their medical team.

HIPAA compliance toggle

Enabling our HIPAA compliance support toggle in Pabau adjusts system settings to support compliance. This includes disabling certain features.

Robust password rules

You can ensure password security by setting expiration frequency, enforcing password history, limiting invalid login attempts, and defining lockout duration to enhance account protection.

Security rating score

Our security rating score evaluates your system setup by analyzing the security features you have activated in Pabau. It’s a quick way to help you identify areas for improvement.

Calendar lock screen

Secure the calendar with a passcode to prevent unauthorized access. This is perfect for maintaining privacy when clients are nearby or when stepping away from the front desk.

Pabau GO iOS app pin code

Every user of the iOS app (for clinic teams) must have a unique PIN code. 

This allows you to trace actions within Pabau’s patient journey feature back to specific users and create a clear audit trail.

Fully paperless experience

Securely add forms and photos directly to a patient record via the Pabau Go iOS app and web-based version of Pabau. 

This can eliminate the need for scanning, uploading, and transferring between devices.

Supported by our internal experts

Professional onboarding process

At Pabau, our fully managed process simplifies data migration, ensuring the safe and accurate transfer of your client details, appointments, financial records, and more.

Our experienced team handles everything so you can confidently transition to Pabau with minimal stress and disruption.

Security enhancements recommendations

We’ll provide tailored recommendations to enhance security and streamline usage of key features during our account optimization process, which every new customer receives.

Our team will guide you through best practices for protecting your data and ensuring you use the right tools to maintain a secure system.


Frequently asked questions

Our uptime is above 99.99% for the past 12 months. In other words, over the past year we have had less than nine hours of downtime out of a total of 8760 hours. 

View our system status at any time here: https://pabau.instatus.com/

They’re stored in London, UK

All data provided will be stored securely in London for UK customers, ensuring full compliance with UK and EEA data protection regulations, including GDPR.

For non-UK customers, we are currently evaluating regional storage options to better align with local data protection requirements.

Yes, we do. The provider is called DigitalOcean.

Like many businesses, we use this company to host our servers virtually so we’re not reliant on physical servers. Hosting everything virtually makes it easier for individuals and businesses to manage their online presence without worrying about the technical details of hardware and infrastructure. DigitalOcean is one of the largest and most stable providers globally.

You can view our privacy policy here: https://pabau.com/privacy-policy/

Yes, we do. View our webpage about GDPR here: https://pabau.com/gdpr/

A software solution alone won’t make your business HIPAA compliant. We support HIPAA compliance with robust tools such as authorized personnel access, audit logs, and data encryption and secure storage. However, you must also implement the appropriate policies and procedures within your organization to ensure you comply with all HIPAA requirements.

We also have a HIPAA compliance toggle that enables you to activate HIPAA compliance support in Pabau. Read more here: https://pabau.com/hipaa-compliance/

Your data is yours. It will be back in your hands within 30 days of canceling. We delete it within 90 days.

We use Amazon Web Services to store photos. Read more here: https://aws.amazon.com/
