Security at BedHub.
How we protect your data
1. Data Protection
All connections to BedHub are encrypted using HTTPS (TLS/SSL), ensuring that data transmitted between your browser and our servers remains secure and private.
Passwords are never stored in plain text. We use bcrypt hashing, an industry-standard algorithm, to securely store all user passwords. Even in the unlikely event of a data breach, your password cannot be reverse-engineered from its hash.
2. Account Security
We enforce strong password requirements to help protect your account:
- Minimum length of 8 characters
- Must include a mix of uppercase and lowercase letters, numbers, and special characters
Sessions are managed securely with automatic expiration after periods of inactivity. You can log out from any device at any time through your account settings.
3. Payment Security
All payment processing on BedHub is handled by Stripe, a PCI DSS Level 1 certified payment provider — the highest level of certification available in the payments industry.
We never store your credit card numbers on our servers. All sensitive payment data is handled directly by Stripe's secure infrastructure. Your financial information never touches our systems.
4. Data Storage
User data is stored in a MySQL database with server-side security measures in place, including:
- Restricted database access with strong authentication
- Regular automated backups
- Server-level firewall protection
- Parameterized queries to prevent SQL injection attacks
5. Access Controls
BedHub implements role-based access controls to ensure that users can only access the data and features appropriate to their role:
- Operators can manage only their own facilities and data
- Caregivers can manage only their own profiles
- Family members can manage only their own saved searches and preferences
- Administrators have elevated access with full audit trails to track all administrative actions
6. Reporting Vulnerabilities
We take security seriously and welcome responsible disclosure of any vulnerabilities. If you discover a security issue, please contact us immediately at security@bedhub.com.
Please provide as much detail as possible, including steps to reproduce the issue. We will investigate all reports promptly and work to resolve any confirmed vulnerabilities as quickly as possible.
7. Third-Party Services
BedHub integrates with the following third-party services, each of which maintains its own security practices:
- Google Maps API — Used for displaying care home locations and enabling map-based search. Subject to Google's privacy policy and security standards.
- Google Translate API — Used to provide multilingual support across the platform. No personal data is shared beyond the text being translated.
- Stripe — Used for all payment processing. Stripe is PCI DSS Level 1 certified and maintains rigorous security controls.
We carefully vet all third-party integrations and only partner with services that meet high security standards.