Built to be trusted

Families trust CareSync with sensitive information, and we take that seriously. Security isn't a feature we bolted on — it shapes how the service is built. Here's a plain-language overview of how we protect your data.

Traffic between you and CareSync is encrypted in transit using HTTPS/TLS. Your data is encrypted at rest by our infrastructure providers.

Sign-in is handled by a dedicated authentication provider. Passwords are stored only as secure hashes, and your session is kept in a protected, http-only cookie rather than exposed to scripts in the browser.

Your data is scoped to your family. Every request is authorised on the server against the family you belong to, so one family can never see another's care logs, members or documents — even via the API.

Uploaded documents are kept in a private storage bucket that is never publicly listable. Files are reachable only through short-lived, signed links generated for members of the owning family, and uploads are restricted to Premium families.

All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. CareSync never sees or stores your full card details — we only keep a reference to your Stripe customer and your subscription status.

CareSync runs on a dedicated server behind Cloudflare, which provides TLS and helps absorb malicious traffic. We keep our software and dependencies up to date.

If you believe you've found a security vulnerability, please email support@care-sync.nl with the details. We ask that you give us a reasonable opportunity to investigate and fix the issue before disclosing it publicly. We're grateful to researchers who help keep families safe.

Security is a partnership. You can help by:

• Using a strong, unique password for your account.
• Only inviting people who should see your family's information.
• Signing out on shared or public devices.

CareSync is a care-coordination tool, not a certified medical or clinical system. Please don't store information you aren't comfortable keeping in a consumer service, and never rely on it for emergencies.