How we protect your data
We implement reasonable technical and organizational measures to protect the confidentiality, integrity, and availability of clinic and patient data, including:
- Encrypted transmission (HTTPS/TLS) for data in transit.
- Access controls, authentication, and role-based permissions for clinic staff.
- Audit logging and monitoring for security purposes.
- Secure hosting and deployment infrastructure.
While we follow industry best practices, no system is completely secure. Clinics are responsible for enforcing strong internal practices — including strong passwords, protecting account credentials, and limiting user access where appropriate.
Your responsibilities as a clinic
Sorge Care is a B2B platform: your team controls who gets access and what patient data is entered. We recommend reviewing staff permissions regularly, using unique credentials for each team member, and removing access promptly when someone leaves your clinic.
Data retention and deletion
We retain clinic and patient data for as long as your account remains active. If you request deletion of your account and data, we permanently delete it within 90 days, except where a longer retention period is required by law.
For more detail on how we collect, use, and share information, see our Privacy Policy.