Trust Centre

At EQL, we take data protection seriously.
Security, privacy, and compliance are built into how we design, build, and operate our platform. From infrastructure to product features, we make deliberate choices to protect your information and meet the standards you expect. Our goal is simple: provide a reliable, secure foundation you can trust.

Our Commitment to Trust

At EQL, we prioritise the security and privacy of user data. Our platform is designed with robust safeguards to ensure compliance with industry standards and regulations. We understand the
importance of transparency and reliability in healthcare technology, and we are committed to maintaining the highest levels of data protection.

Security

Infrastructure Security
We use isolated environments and strong access controls to safeguard customer data. All data is encrypted in transit and at rest, and our systems are designed to support high availability, rapid recovery, and operational continuity.
‍
Application Security
All of our platforms are built with a secure development lifecycle, including continuous integration, static analysis, and dependency monitoring. We engage independent third parties for regular penetration testing and maintain real-time threat detection across all services.
‍
Identity & Access Controls
Access is tightly controlled through least privilege principles, with time-limited permissions and enforced multi-factor authentication. All administrative activity is logged and fully auditable.

Privacy

Maintaining customer trust is an ongoing commitment. EQL continually monitors the evolving privacy regulatory and legislative landscape. We strive to inform you of the privacy and data security policies,
practices, and technologies we’ve put in place.
‍
Data Ownership & Transparency
You retain control over your data, and we handle it with care and transparency. Depending on the service, we may act as either a data processor or joint controller — always in accordance with applicable laws and best practices. Our platforms provide support for regional residency to meet regulatory requirements.
‍
Privacy is embedded from the ground up. We follow Privacy by Design principles, support data
minimisation and anonymisation, and provide full capabilities for data access, export, and deletion under GDPR and the UK Data Protection Act.

Compliance

We undergo annual audits conducted by the British Assessment Bureau (BAB) to maintain our ISO27001: 2022 certification, ensuring our information security management system continues to meet the highest global standards
‍
We are committed to maintaining and exceeding key certifications and regulatory requirements:

ISO27001 – Certified Information Security Management System (ISMS)
Use of AI, decision trees or probabilistic modeling in physiotherapy setting
Triage or clinical decision making application

Internal controls include quarterly policy reviews, employee security training, and rigorous third-party vendor assessments.

Incident Response

We monitor systems 24/7 and have clear processes in place to identify, investigate, and respond to potential security events. If data integrity or confidentiality is ever at risk, we act quickly and keep
affected customers informed.

Get in Touch

● 📧 informationsecurity@eql.ai
● 📁 Documentation available upon request