Security & Data Protection
How Care Hub handles your data, and what must be in place before live resident records are onboarded. Last reviewed 15 May 2026.
Status: pilot / pre-production platform
This page describes the platform's current technical posture and the controls required before any real resident, staff or medication data is migrated in. It is a transparency statement, not a security certification. Items still on the hardening backlog are listed plainly below rather than glossed over.
Demo environment — read this first
The publicly reachable Care Hub instance is a demonstration environment. Every resident, staff member, medication record, incident and document in it is fictional sample data. It contains no real personal, clinical or safeguarding information about any identifiable person.
- Do not enter real resident, staff, family or clinical data into the demo.
- Demo data may be reset or rebuilt at any time without notice.
- Demo accounts are scoped to a sample home and are not intended for production record-keeping.
Hosting & data residency
The application is served by Vercel. Application data is held in a managed PostgreSQL 17 database provided by Supabase, hosted in the London (eu-west-2) region — United Kingdom. Primary data residency is therefore the UK.
Authentication
User sign-in is handled by Supabase Auth, supporting email & password, magic-link email, and Google sign-in. Credentials are stored and verified by Supabase Auth using salted password hashing; the application never stores raw passwords. Sessions are cookie-based and revalidated on every request by middleware.
Role-based access control
The platform enforces distinct application roles:
- Super admin
- Registered manager
- Deputy manager
- Nurse
- Senior carer
- Carer
- Support staff
- Family (restricted to a linked resident only)
Access is additionally scoped by organisation and by home (site), so users only see the home(s) they belong to. Family accounts are limited to the resident they are explicitly linked to.
Data isolation
Multi-tenant separation is enforced in the database with PostgreSQL Row-Level Security, keyed on organisation and site membership, in addition to the application-level role checks above. The privileged service-role database key is used only in server-side code and is never exposed to the browser.
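The pattern described above, as an added illustration rather than Care Hub's own schema: a constructed PostgreSQL/Supabase layout in which a membership table keys each user to a home, and Row-Level Security policies on the resident table make rows outside the user's homes invisible. The table, column and role names are assumptions, and `auth.uid()` is the Supabase Auth helper returning the signed-in user's id.

```sql
-- Constructed illustration, not Care Hub's published schema. auth.uid() is the
-- Supabase Auth helper that returns the signed-in user's id (assumed present).
create table homes (id uuid primary key, organisation_id uuid not null, name text not null);
create table residents (
  id uuid primary key,
  organisation_id uuid not null,
  home_id uuid not null references homes(id),
  full_name text not null
);
-- One row per user per home. Role names are a constructed snake_case mapping of
-- the roles listed above; resident_id is populated only for family accounts.
create table memberships (
  user_id uuid not null,
  home_id uuid not null references homes(id),
  role text not null check (role in ('super_admin','registered_manager',
    'deputy_manager','nurse','senior_carer','carer','support_staff','family')),
  resident_id uuid references residents(id),
  primary key (user_id, home_id)
);
-- Homes the current user may edit (constructed choice: management and clinical roles).
create function writable_home_ids() returns setof uuid
language sql stable as $$
  select home_id from memberships
   where user_id = auth.uid()
     and role in ('super_admin','registered_manager','deputy_manager',
                  'nurse','senior_carer');
$$;

-- Deny by default: with RLS enabled, no row is visible unless a policy grants
-- it. FORCE applies the policies to the table owner as well.
alter table residents enable row level security;
alter table residents force row level security;

-- Staff see every resident in a home they belong to, and nothing else.
create policy residents_staff_read on residents for select
  using (home_id in (select home_id from memberships
                      where user_id = auth.uid() and role <> 'family'));

-- Family accounts see only the resident they are explicitly linked to.
create policy residents_family_read on residents for select
  using (exists (select 1 from memberships m
                  where m.user_id = auth.uid() and m.role = 'family'
                    and m.resident_id = residents.id));

-- Writes never cross homes: USING filters the rows that may be changed and
-- WITH CHECK rejects moving a resident into a home the user cannot edit.
create policy residents_staff_write on residents for all
  using (home_id in (select writable_home_ids()))
  with check (home_id in (select writable_home_ids()));
```

Supabase's service-role key bypasses RLS entirely, which is why the page's rule that it stays in server-side code is the control that makes these policies meaningful; the memberships table would need its own policy in a real deployment, omitted here for brevity.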
Audit logging
State-changing actions are written to an append-only audit log. Each entry records the acting user, their organisation, a timestamp, the affected record, and a diff of what changed. Logged actions include record creation and updates, resident admission and discharge, archival, medication (MAR) sign and co-sign, clinical RAG overrides, viewing of personal/clinical information, exports and deletions.
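An added example of how an append-only log with the fields listed above can be enforced in PostgreSQL; this is illustrative, not Care Hub's own audit implementation. Table and column names are assumptions, and `auth.uid()` is the Supabase Auth helper returning the acting user's id.

```sql
-- Constructed illustration, not Care Hub's published schema. auth.uid() is the
-- Supabase Auth helper returning the acting user's id (assumed present).
create table residents (id uuid primary key, organisation_id uuid not null,
                        full_name text not null, room text);
create table audit_log (
  id bigint generated always as identity primary key,
  occurred_at timestamptz not null default now(),
  actor_user_id uuid, organisation_id uuid,   -- actor is null for server jobs
  table_name text not null, record_id uuid not null,
  action text not null check (action in ('INSERT','UPDATE','DELETE')),
  diff jsonb not null                         -- changed columns only, {col:{old,new}}
);
-- Append-only: strip rewrite privileges, and back that up with a trigger so
-- even a role that later regains them cannot silently edit history.
revoke update, delete, truncate on audit_log from public;
create function audit_log_immutable() returns trigger language plpgsql as $$
begin
  raise exception 'audit_log is append-only: % rejected', tg_op;
end $$;
create trigger audit_log_no_rewrite
  before update or delete or truncate on audit_log
  for each statement execute function audit_log_immutable();
-- Row trigger that records who changed what. SECURITY DEFINER lets it write to
-- audit_log even when the acting user has no direct grant on that table.
create function write_audit_entry() returns trigger
language plpgsql security definer set search_path = public as $$
declare
  rec_id uuid; org uuid; changes jsonb;
begin
  if tg_op = 'DELETE' then
    rec_id := old.id; org := old.organisation_id; changes := to_jsonb(old);
  elsif tg_op = 'INSERT' then
    rec_id := new.id; org := new.organisation_id; changes := to_jsonb(new);
  else
    rec_id := new.id; org := new.organisation_id;
    select coalesce(jsonb_object_agg(o.key,            -- diff of changed columns
             jsonb_build_object('old', o.value, 'new', n.value)), '{}'::jsonb)
      into changes
      from jsonb_each(to_jsonb(old)) o
      join jsonb_each(to_jsonb(new)) n on n.key = o.key
     where o.value is distinct from n.value;
  end if;
  insert into audit_log (actor_user_id, organisation_id, table_name,
                         record_id, action, diff)
  values (auth.uid(), org, tg_table_name, rec_id, tg_op, changes);
  return null;  -- AFTER trigger: the return value is ignored
end $$;
create trigger residents_audit
  after insert or update or delete on residents
  for each row execute function write_audit_entry();
```

A DML trigger never fires on SELECT, so the "viewing of personal/clinical information" events listed above have to be written by the server-side code that serves the view, not by the database alone.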
Encryption
All traffic is served over HTTPS/TLS. Encryption at rest for the database, file storage and backups is provided by the managed Supabase platform.
Backups & recovery
Supabase provides managed database backups. The frequency of automated backups and the availability of point-in-time recovery depend on the production Supabase plan. We do not claim daily backups or point-in-time recovery on the current demo project. An appropriate paid plan with verified backups and point-in-time recovery must be in place and tested before any live resident data is migrated. Customer data can be exported on request.
AI features
Care Hub includes an optional resident-wellness summary feature. When used, recent daily care notes, meal intake, vitals and risk information for a single resident are sent to Anthropic (Claude) to generate an assistive written summary.
- AI output is assistive only and must be reviewed by a competent professional.
- AI is never used for automated clinical, medication or safeguarding decisions.
- The feature is disabled when no AI provider key is configured.
Sub-processors
- Vercel — application hosting and delivery.
- Supabase — database, authentication and file storage (UK region).
- Anthropic — optional AI wellness summaries (only when enabled).
- Resend — transactional email (only when email is configured).
Each sub-processor maintains its own security and compliance posture on its certified infrastructure.
Data protection & UK GDPR
Care Hub processes personal and special-category (health) data under UK GDPR. The care provider is the data controller; JonnyAI acts as data processor. A Data Processing Agreement is provided before any live data is onboarded. Data-subject requests (access, rectification, erasure) are supported through the care provider as controller. The demo environment uses fictional data only and is designed for data minimisation.
Retention & deletion
Live records are retained in line with the care provider's record-retention schedule and applicable health & social care requirements. On offboarding, data is exported to the provider and then deleted within an agreed window.
Clinical safety
Care Hub is a record-keeping, evidence and operational management system. It is not a medical device. It does not provide diagnosis or treatment recommendations and does not replace professional clinical judgement. Clinical and medication decisions remain the responsibility of suitably qualified staff.
Incident response
Suspected security incidents are triaged on discovery. Affected controllers are notified without undue delay so they can meet their own UK GDPR breach-notification obligations to the ICO and data subjects where required.
Certifications
JonnyAI does not currently hold a formal ISO 27001, SOC 2 or Cyber Essentials certification for Care Hub. The platform is built on infrastructure providers (Supabase, Vercel, Anthropic) that maintain their own independent compliance attestations. Certification status will be stated honestly here as it changes.
Contact
For security or data-protection questions, or to request the Data Processing Agreement, contact your JonnyAI account manager or the contact named in your pilot agreement.