Patient data security is not negotiable
QueueBridge was built with security and compliance as foundational requirements - not features added after the fact. Here is how we protect your patients and your organisation.
POPIA Compliant
South African data law
AES-256 Encrypted
Data at rest and in transit
SA Primary Hosting
Failover in Finland, EU
Full Audit Logging
Tamper-proof event trail
POPIA Compliance
QueueBridge is designed to be fully compliant with South Africa's Protection of Personal Information Act (POPIA). We provide documentation, audit trails, and data processing agreements to support your organisation's compliance obligations.
- Formal Data Processing Agreement (DPA) available for Enterprise customers
- Patient consent management built into check-in workflows
- Right-to-erasure (right to be forgotten) data deletion workflows
- Data minimisation principles applied at architecture level
- Information Officer designation support and documentation
- Breach notification procedures and response playbooks
Data Encryption
Patient data is encrypted at every point in its lifecycle - whether stored, transmitted, or processed. We use industry-standard cryptographic protocols enforced at the infrastructure level.
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- Database-level encryption with per-tenant key isolation
- Encrypted backups with separate key storage
- Certificate pinning for mobile and kiosk clients
- Key rotation policies and automated certificate renewal
Data Residency & Infrastructure
Patient data is hosted on dedicated VPS infrastructure in South Africa as the primary environment, with a secondary failover server in Finland, Europe, for disaster recovery and redundancy. Data sovereignty is maintained at all times.
- Primary hosting: dedicated VPS servers, South Africa
- Disaster recovery: dedicated failover server, Helsinki, Finland
- All primary patient data remains on South African infrastructure
- EU failover used only for redundancy — no operational data stored there
- Encrypted replication between primary and failover environments
- Infrastructure as Code (IaC) for reproducible, auditable deployments
Audit Logging
Every access, action, and system event within QueueBridge is logged in a tamper-proof, append-only audit log. This supports clinical governance, regulatory enquiries, and internal compliance reviews.
- Immutable audit log for every patient record access
- User action logging with IP address and device fingerprint
- System-generated event logs with cryptographic integrity checks
- Log retention for minimum 5 years (configurable to 10+)
- Real-time audit log streaming to your SIEM (Enterprise)
- One-click compliance report generation
Access Controls & Identity
QueueBridge implements granular, role-based access controls ensuring staff only access the patient data and system functions relevant to their clinical role.
- Role-based access control (RBAC) with custom role definitions
- Multi-factor authentication (MFA) enforced for all users
- Single Sign-On (SSO) via SAML 2.0 / OIDC (Enterprise)
- Session timeout and concurrent session management
- IP allowlisting for administrative access
- Just-in-time access provisioning for privileged operations
Resilience & Business Continuity
Healthcare operations cannot afford downtime. QueueBridge is architected for high availability with redundancy at every layer and a tested disaster recovery plan.
- 99.9% uptime target for all production environments
- Active-passive failover with automated recovery
- Daily automated backups with point-in-time recovery
- Staged deployments with automated rollback capability
- Monitoring and alerting across all infrastructure layers
- Incident response runbooks for all critical failure scenarios
Responsible Disclosure
If you discover a security vulnerability in QueueBridge, please report it responsibly so we can address it before public disclosure. We commit to acknowledging all valid reports within 24 hours.
security@queuebridge.co.zaNeed a full security briefing?
Our team is available to walk your IT and compliance departments through our architecture and controls.