Security & Compliance
Protecting your data is our highest priority
Apollo Professional is built with enterprise-grade security to ensure the safety, confidentiality, and availability of your data.

Built on Trusted Infrastructure
Apollo is hosted in the UK on Google Cloud Platform (GCP), a world-class infrastructure provider trusted by governments, hospitals, and Fortune 500 companies.
We inherit and build upon Google’s compliance with the following global security standards:
ISO 27001 – Information Security Management
ISO 27017 – Cloud-specific security controls
ISO 27018 – Protection of personally identifiable information (PII) in the cloud
In addition, Apollo is Cyber Essentials Certified, demonstrating our proactive approach to cyber risk management in line with UK Government recommendations.
All servers, services, and data reside within UK-based data centres, ensuring alignment with UK GDPR and local data sovereignty regulations.

Access You Control
Apollo gives you complete control over who can access what, helping you protect sensitive information and stay compliant. With custom roles and granular permissions, you can limit access by user type, department, case, or organisation, so clinicians, HR, and admins only see what they need to.
Create tailored permission sets for internal teams, external partners, and clients
Restrict access to sensitive notes, files, or specific cases
Enforce clinician-only visibility for medical details
Keep a full audit trail of user actions for accountability
Multi-factor authentication (MFA) adds another layer of security and is required for all system users.

Tested & Trusted
Security is not a one-time project; it is a continuous process. Apollo Professional undergoes:
Annual third-party penetration testing, covering both whitebox (internal) and blackbox (external) attacks
Testing focused on OWASP Top 10 vulnerabilities, logic flaws, infrastructure exposure, and data access weaknesses
All identified vulnerabilities are triaged, prioritised, and remediated — with critical issues patched within 7 days
Regular internal vulnerability scanning using both Wazuh and Google SCC tools
Our development team undergo training on security best practices to ensure we are building Apollo to be as secure as possible.

Multi-Layered Protection
Apollo uses a defence-in-depth architecture to protect your system from both automated and targeted attacks:
Cloudflare Web Application Firewall (WAF) for real-time protection against malicious requests and DDoS
Google Cloud Firewalls with tightly controlled ingress/egress rules
IDS/IPS (Intrusion Detection & Prevention) to identify and block potential intrusion attempts before they impact the system
Active monitoring against protocol exploits, injection attacks, and brute force attempts, with up-to-date threat intelligence
This layered approach ensures that even if one control is bypassed, others stand ready to protect your data.

Automatic Backups & Fast Recovery
We know how critical it is to keep your data available, even when the unexpected happens. That’s why Apollo has a rock-solid backup and disaster recovery process built in from day one.
Our systems take full backups of the platform three times a day, and we back up your database every 15 minutes to minimise data loss. Everything is encrypted using AES-256 and stored in UK-based, geo-redundant Google Cloud data centres, ensuring resilience, compliance, and peace of mind.
In the rare event of a system issue, our disaster recovery plan is ready to go, with a Recovery Time Objective (RTO) of just 4 hours and a Recovery Point Objective (RPO) of 15 minutes. We also test our recovery process annually to make sure we can get you back up and running fast without missing a beat.

You Own Your Data
With Apollo, your data is always yours. We believe in transparency and flexibility — so if you ever decide to move on, we make the process straightforward.
You can request a full export of your data at any time, in either PDF or SQL format. There’s no extra charge, no complicated procedures, and no restrictions. While Apollo is a fully cloud-based platform and we don’t offer on-premise deployment, we’ll support you with structured data migration to ensure a smooth transition if needed.