We won't put a badge on the wall we haven't earned
Your clients trust you with personal details and health history. Here's exactly how Georgie protects it — the controls in place, in plain terms.
Encrypted in transit and at rest
Every connection uses TLS, with HSTS enforced, and your clients' data is encrypted at rest on AWS. Nothing sensitive is stored or sent in the clear.
Card data never touches us
Payments run through Stripe, so Georgie never sees or stores a card number. The most sensitive data never lands on our servers, and the heavy compliance scope stays with Stripe.
Sessions bound to your device
Each sign-in is tied to your device and is revoked automatically when you sign in on a new one. Sessions time out after inactivity, and repeated failed attempts lock the account.
An access trail you can stand behind
Every sign-in, sign-out, and failed attempt is recorded, and the trail is kept even if the account is later deleted.
Your data is yours
We never sell, rent, or mine your data, and personal information is filtered out of our logs before anything is written.
Built on AWS
Georgie runs on Amazon Web Services, with encryption at rest and isolated, automatically managed infrastructure, so there are no hand-managed servers to fall behind on patches.
Audit-ready, by design
Georgie's controls are mapped to the SOC 2 Common Criteria and architected for the HIPAA Security Rule. We are not certified, and we don't claim audits we haven't completed, but the practice is built to pass one.