Legal information

Security

This page explains the safeguards CareBuddy uses and the security responsibilities shared by Thesmon Technologies Ltd., customer organisations, and authorised users.

Last updated: 9 June 2026

Security overview

CareBuddy is designed for sensitive care operations. Security controls include authenticated access, role-based permissions, home-level access boundaries, session protection, audit logging, document access controls, and administrative oversight features.

Access controls

Users must sign in with an authorised account.
Roles and home assignments restrict access to appropriate records.
Administrators should remove or update access when staff leave, move roles, or no longer require access.
Users must not share passwords or leave logged-in sessions unattended.

Audit and monitoring

CareBuddy records audit events for important activity such as user actions, document access, record changes, status updates, and sensitive workflows. Audit logs help customer organisations review accountability, investigate incidents, and support compliance.

Protecting sensitive records

CareBuddy may contain special category data, safeguarding information, and information about children or young people. Users should only access and disclose information where necessary for their role and must follow their organisation's confidentiality, safeguarding, and data protection policies.

Incident reporting and vulnerability disclosure

If you suspect unauthorised access, account compromise, a vulnerability, a lost device containing exported records, or any other security concern, contact your organisation administrator immediately.

Security reports can also be emailed to hello@thesmon.com. Do not include unnecessary sensitive care information in the first report.

Please do not access, copy, alter, delete, or disclose data that does not belong to you, and do not perform testing that could disrupt care operations.