Data Security

Protecting sensitive health and organisational data is central to everything we do at Ally Health. As an occupational health platform handling confidential information, we understand the responsibility our clients place in us—and we take that trust seriously. Our systems are built with security, privacy, and compliance at their core, ensuring your data remains safe at every stage. 

Our Security Commitment

We are committed to maintaining the highest standards of data protection across our platform and operations. While we are not yet ISO 27001 or Cyber Essentials certified, we are actively working towards these recognised UK security standards and implementing the controls required for compliance. In the meantime, we have already adopted rigorous technical and organisational measures that align with industry best practice.

Encryption

All data is encrypted in transit using TLS 1.2+

Sensitive data stored within our systems is protected using strong encryption at rest

Secure Infrastructure

Cloud-hosted in trusted, UK data centres with strong physical security

Advanced firewalls, network segmentation, and intrusion prevention systems

Access Control

Strict role-based access policies

Staff access is granted on a least-privilege basis

Multi-factor authentication for internal and administrative accounts

Continuous Monitoring

Real-time alerts for unusual activity

Regular vulnerability scanning and patch management

Proactive detection of potential risks to maintain system integrity

Robust Organisational Policies

Comprehensive internal policies for data handling and confidentiality

Mandatory staff training on security, data protection, and GDPR responsibilities

Logging and audit trails to ensure accountability and traceability

Clear incident response and disaster recovery procedures

Data Protection & Privacy

We comply with the UK GDPR and Data Protection Act 2018, ensuring your personal data is handled lawfully, transparently, and securely.

We only collect data required to deliver our services

Personal data is never shared without a lawful basis

We uphold your rights to access, rectification, and erasure

Data minimisation and retention policies are strictly followed

We know that occupational health data is among the most sensitive information an organisation handles. That’s why we treat it with the utmost respect and safeguard it using modern, carefully designed security practices.

If you have any questions about our data security, compliance, or processes, our team is always happy to help.

Contact: hello@allyhealth.uk