Built for organizations that handle care, health, and field operations data, and that expect their systems to protect it.
ConsidraCare is built for home care agencies, community health nonprofits, and field operations programs. The data these organizations work with is sensitive by nature, so security is not an add-on. It is part of how the platform is designed from the ground up.
Our security program is built around three ideas: protect data at every layer, give customers visibility and control, and keep pace with the regulatory environments our customers operate in across Canada, the United States, and internationally.
ConsidraCare is actively monitored by Compliancy Group, a leading independent compliance partner trusted by healthcare and SaaS organizations across North America. Compliancy Group continuously verifies our compliance posture across both HIPAA and SOC 2 frameworks, ensuring our security and privacy controls are not just documented but actively maintained.
The badges below are issued and continuously updated by Compliancy Group. Click on either badge to verify our current monitoring status directly with them.
In addition to ongoing monitoring through Compliancy Group, we design ConsidraCare to align with the regulatory frameworks that matter most to our customers across the markets we serve:
Need documentation for your compliance program? Customers and prospective customers can request our current attestations, security questionnaires, and Compliancy Group reports by contacting privacy@considracare.com.
ConsidraCare runs on enterprise-grade Amazon Web Services (AWS) infrastructure. AWS is the same platform trusted by hospitals, banks, and government agencies, and it provides the foundation our security controls are built on.
Encryption in transit. All data moving between your browser, our application, and our infrastructure is encrypted using TLS 1.2 or higher. We do not accept connections on outdated protocols.
Encryption at rest. Customer data stored in our databases and file storage is encrypted at rest using industry-standard AES-256 encryption. Database backups are encrypted with separately managed keys.
Data segregation. Customer data is logically segregated so that no customer can access another customer’s data. Multi-tenant isolation is enforced at both the application and database layers.
Data location. Customer data is hosted in Canadian and US AWS regions. Customers with specific data residency requirements can discuss options with us at the contract stage.
We follow the principle of least privilege, meaning people get access only to what they need to do their job, and no more.
Every meaningful action inside the platform is logged, including record creation, edits, deletions, access events, and administrative changes. These logs are retained for a period appropriate to their type and are available to customers for audit and compliance purposes.
On the infrastructure side, we monitor our systems continuously for unusual activity, failed authentication patterns, and performance anomalies. Alerts route to our on-call team around the clock. Our compliance posture is also continuously verified through Compliancy Group’s monitoring program.
We build security into the development process, not around it.
We back up customer data on a regular schedule, with backups encrypted and stored in a geographically separate AWS region from primary systems. Backup restoration is tested periodically so we know it actually works when it matters.
Our business continuity plan covers system outages, provider failures, and broader disruptions. Recovery time and recovery point objectives are defined per service tier and available on request.
If a security incident occurs, we have a defined process for detection, containment, investigation, and recovery built around HIPAA and SOC 2 requirements. If an incident affects your data, we will notify you without undue delay and within the timeframes required by applicable law. We will tell you what we know, what we do not yet know, and what we are doing about it.
If you believe you have discovered a security issue in our platform, please report it to privacy@considracare.com. We take every report seriously and do not take legal action against researchers acting in good faith.
We work with a small set of carefully selected vendors to provide parts of the ConsidraCare service, including AWS for hosting, our email delivery service, payment processor, and analytics tools. Each vendor is reviewed for its security posture, data handling practices, and regulatory alignment before we use it. Compliancy Group monitors our subprocessor selection as part of our ongoing compliance program.
A current list of our subprocessors is available on request for customers who need it for their own vendor management programs.
We do not train third-party AI models on your data.
ConsidraCare uses AI for features like the knowledge assistant and operational insights. Any AI processing of customer data happens under contractual terms that forbid the provider from using your data to train their own models. We are transparent about where AI is used in the platform and what data it sees.
Security is a shared responsibility. While we protect the platform and the infrastructure, there are a few things you and your team should do:
For security questions, vendor due diligence requests, vulnerability reports, or to request our current Compliancy Group attestations and security documentation:
TS Care Givers Inc.
(operating as ConsidraCare)
Ontario, Canada
privacy@considracare.com