Here’s how we keep your data safe and secure.
Pabau uses DigitalOcean as our cloud infrastructure provider, which implements strong technical controls to protect your data.
Pabau processes card payments through Stripe, a payment platform certified as a PCI DSS Level 1 service provider, the highest level of PCI compliance.
Pabau never stores or has access to card details; card data is sent directly to Stripe, which encrypts it, restricts internal access to it, and communicates only over HTTPS/TLS.
Pabau's cloud-based platform is protected by security controls applied at every layer, from the hosting infrastructure to the application.
These include secure server hosting, two-factor authentication, firewalls, and regular security updates, giving the platform a high standard of protection while still allowing it to scale.
Data at rest is encrypted with LUKS full-disk encryption using AES-256, with the encryption managed by our infrastructure provider, DigitalOcean. Data in transit is protected against interception and tampering with TLS.
Together, these measures help prevent breaches, safeguard sensitive information, and support compliance with industry standards such as PCI DSS and HIPAA.
Pabau takes daily backups of your data and stores the backup files securely in multiple locations.
Backups are retained for six months, so that patient files can be restored if they are accidentally altered or deleted, and so that an earlier state of the data can be examined when needed.
Pabau follows industry best practices by implementing proactive monitoring, data encryption, and secure backups.
In the event of an incident, we follow defined procedures to assess the risk, contain and mitigate the threat, and restore data promptly, keeping disruption to a minimum and meeting the requirements of standards such as HIPAA and PCI DSS.
At Pabau, security is a fundamental priority. Our platform is hosted in highly secure facilities that undergo regular, rigorous assessments.
We implement multiple layers of protection, including 24/7 surveillance, access controls, advanced encryption, and continuous monitoring to safeguard your data.
Running a medical spa or healthcare business means processing sensitive patient data every day. That’s why Pabau provides robust security tools to ensure your data remains safe, secure, and accessible only to authorized personnel.
Two-factor authentication (2FA) in Pabau adds an extra layer of security.
In addition to their username and password, users must enter a one-time 6-digit code sent to their mobile phone in order to log in.
With role-based authorization, medical personnel can control access to confidential patient data in Pabau and restrict patient records to themselves only or their medical team.
You can strengthen password security by setting a password expiration frequency, enforcing password history so old passwords cannot be reused, limiting the number of invalid login attempts, and defining how long an account stays locked after that limit is reached.
Our security rating score evaluates your system setup by analyzing the security features you have activated in Pabau. It’s a quick way to help you identify areas for improvement.
Secure the calendar with a passcode to prevent unauthorized access. This is perfect for maintaining privacy when clients are nearby or when stepping away from the front desk.
Every user of the iOS app (for clinic teams) must have a unique PIN code.
This allows you to trace actions within Pabau’s patient journey feature back to specific users and create a clear audit trail.
Securely add forms and photos directly to a patient record via the Pabau Go iOS app and web-based version of Pabau.
This can eliminate the need for scanning, uploading, and transferring between devices.
At Pabau, our fully managed process simplifies data migration, ensuring the safe and accurate transfer of your client details, appointments, financial records, and more.
Our experienced team handles everything so you can confidently transition to Pabau with minimal stress and disruption.
We’ll provide tailored recommendations to enhance security and streamline usage of key features during our account optimization process, which every new customer receives.
Our team will guide you through best practices for protecting your data and ensuring you use the right tools to maintain a secure system.
“Different staff levels get appropriate access to system features. Practitioners can customize their own documentation preferences. Front desk sees everything needed for scheduling and billing. Management gets good overview reports of all operations.”
“Started with basic features when we were smaller and added more as needed. The scalable system grew alongside our practice without issues. Adding new providers and staff members is simple. Multiple user levels keep sensitive data properly restricted.”
“Digital forms have made intake so much faster for new patients. With help from the team, the customization options let us create exactly what we needed for different treatments. Everything gets stored securely and we can access it from any computer…”
“Been using the digital forms feature for about 6 months now and it’s amazing how much paper we’ve saved. No more dealing with messy handwriting or lost documents in the office. The templates are pretty easy to customize for different treatments and patient info…”
“System has been stable during our two years of use with minimal interruptions. Updates happen overnight so they don’t disrupt our workflow. Backup systems have worked well during internet outages. Speed stays consistent even with multiple users logged in.”
Our uptime over the past 12 months is above 99.9%: fewer than nine hours of downtime out of 8,760 hours in the year. (At 99.99% the figure would be under one hour.)
View our system status at any time here: https://pabau.instatus.com/
They’re stored in London, UK
For UK customers, all data is stored securely in London, in line with UK and EEA data protection regulations, including GDPR.
For non-UK customers, we are currently evaluating regional storage options to better align with local data protection requirements.
Yes, we do. The provider is called DigitalOcean.
Like many businesses, we use DigitalOcean to host our servers virtually rather than running physical servers ourselves. Virtual hosting means we can manage the platform without handling hardware and infrastructure directly, and DigitalOcean is one of the largest and most stable cloud providers globally.
You can view our privacy policy here: https://pabau.com/privacy-policy/
Yes, we do. View our webpage about GDPR here: https://pabau.com/gdpr/
A software solution alone won’t make your business HIPAA compliant. We support HIPAA compliance with robust tools such as authorized personnel access, audit logs, and data encryption and secure storage. However, you must also implement the appropriate policies and procedures within your organization to ensure you comply with all HIPAA requirements.
We also have a HIPAA compliance toggle that enables you to activate HIPAA compliance support in Pabau. Read more here: https://pabau.com/hipaa-compliance/
Your data is yours. We return it to you within 30 days of cancellation, and we delete it from our systems within 90 days.
We use Amazon Web Services to store photos. Read more here: https://aws.amazon.com/