Security & Privacy
Formulate is designed from the ground up to protect clinical data. Here's how we keep your practice and your clients safe.
Encryption & Infrastructure
All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Our database is hosted on Supabase (AWS eu-west-2, London region), so clinical data is stored in the UK. Some sub-processors operate outside the UK — see the table below.
Access Control
Row-level security (RLS) is enforced at the database level. Every query is scoped to the authenticated therapist — one practitioner can never access another's client data, even through direct API calls.
GDPR Compliance
Clients are identified by pseudonymous labels (initials or codes), never by full name or email. Every client has a secure data portal where they can track their homework, request deletion under GDPR Article 17, and — where their therapist has enabled response sharing — view their submitted responses. Deleted data is purged permanently after a 90-day retention window.
AI Data Handling
Before text is sent to our AI for worksheet generation, it passes through an automated PII-stripping step that detects and replaces email addresses, phone numbers, NHS and NI numbers, postcodes, dates, and names with safe placeholders. This is a safeguard, not a guarantee, so therapists are also asked not to enter identifiable client information. Your data is never used to train AI models.
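An added illustration (not Formulate's own code) of what a pattern-based PII-stripping step like the one described above can look like. It covers the categories a regular expression can catch (emails, phone numbers, NHS numbers with their mod-11 check digit, NI numbers, postcodes, dates); name detection, which needs a named-entity model or a lookup of the practice's own client labels, is assumed to be a separate step and is not shown. The NI pattern is deliberately simplified and the sample text is constructed.

```python
import re
from typing import Dict, Tuple

# Constructed sample text for demonstration; not real client data.
SAMPLE = ("Contact J.S. on 07700 900123 or js@example.com, NHS no 943 476 5919, "
          "NI AB123456C, postcode SW1A 1AA, seen 12/03/2024.")


def nhs_check_digit_ok(digits: str) -> bool:
    """Mod-11 check digit used by 10-digit NHS numbers."""
    if len(digits) != 10 or not digits.isdigit():
        return False
    total = sum(int(d) * (10 - i) for i, d in enumerate(digits[:9]))
    check = (11 - total % 11) % 11          # remainder 0 -> check digit 0
    return check != 10 and check == int(digits[9])  # 10 is never valid


def _redact_nhs(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group(0))
    # A 10-digit group that fails the check digit is still redacted, just with
    # a generic label, so the step fails safe rather than leaking a reference number.
    return "[NHS_NUMBER]" if nhs_check_digit_ok(digits) else "[NUMBER]"


# Ordered so the more specific patterns run before broader ones could eat them.
RULES = [
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL]"),
    ("nhs", re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b"), _redact_nhs),
    # Simplified NI format (assumption): two letters, six digits, suffix A-D.
    ("ni", re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b", re.I), "[NI_NUMBER]"),
    ("postcode", re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b", re.I), "[POSTCODE]"),
    ("phone", re.compile(r"(?:\+44\s?|\b0)\d{2,4}[ -]?\d{3}[ -]?\d{3,4}\b"), "[PHONE]"),
    ("date", re.compile(r"\b(?:\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"), "[DATE]"),
]


def strip_pii(text: str) -> Tuple[str, Dict[str, int]]:
    """Return the redacted text and a per-category count of replacements.

    The counts are safe to log for monitoring; the matched values are not.
    """
    counts: Dict[str, int] = {}
    for name, pattern, repl in RULES:
        text, n = pattern.subn(repl, text)
        if n:
            counts[name] = n
    return text, counts
```

Because it is regex-based, the step is exactly the safeguard the text describes rather than a guarantee: free-text names and unusual number formats pass through, which is why the instruction not to enter identifiable information still stands.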
Content Security Policy
HTML pages are served with a Content Security Policy that uses a fresh nonce for every response, so an inline script runs only if it carries the nonce attribute issued for that response; injected script that lacks the nonce is blocked, which mitigates cross-site scripting (XSS) attacks.
Subprocessors
Third-party services that process data on our behalf.
| Service | Purpose | Data Location |
|---|---|---|
| Supabase | Database, authentication & file storage | UK (London, AWS eu-west-2) |
| Vercel | Application hosting & CDN | Global edge (US/EU) |
| Stripe | Payment processing | US / EU |
| Resend | Transactional email | US |
| Anthropic | AI worksheet generation (PII-stripped input only) | US |
| Sentry | Error monitoring (no clinical data) | US |
| Meta (Facebook) Pixel | Advertising-performance measurement — loaded only with your cookie consent | US |
| Vercel Web Analytics | Aggregate usage analytics — loaded only with your cookie consent | US / EU |
| Ayrshare | Publishing our own marketing/blog posts to social media (no client or personal data) | US |
Have a security concern?
Contact us at formulatetools@outlook.com
Need a Data Processing Agreement? View our DPA · DTAC self-assessment · Clinical Safety Case