Our Commitment to Trust and Safety

Independent Quality and Safety Assurance

Salaso is committed to delivering safe, effective digital health support. To support independent confidence in our service, we participate in external evaluation and regularly review our processes for clinical safety, data protection, accessibility, and user experience. The results of these reviews are available on request. 

Data Protection and Privacy

We handle all personal and health information in accordance with applicable data protection laws (including UK GDPR and EU GDPR where relevant) and only collect the minimum data necessary to provide our services. Our Privacy Policy explains what data we collect and how it is used.

Clinical Oversight and Evidence

Our programs and care pathways are developed with input from qualified healthcare professionals and follow best practice clinical guidance. Where evidence exists, we reference relevant clinical standards and research supporting our content. Salaso clinical review practices and documentation are available upon request.

Usability & Accessibility

We aim to make our platform easy to use and accessible. Accessibility features are continually reviewed and improved to support a broader range of needs. Salaso design adheres to WCAG 2.1 and 508 accessibility standards. The results of these reviews are available on request. 

Independent Review

Salaso participates in third-party technical reviews twice a year. Independent evaluations helps build trust and ensures ongoing compliance with recognised digital health standards. The results of these reviews are available on request. 

Security and Privacy

Our platform prioritizes security and privacy through stringent development practices and adherence to industry standards. Our Software Development Life Cycle (SDLC) incorporates a Quality Management System (QMS) strategy aligned with ISO 27001-22 and ISO 13485, ensuring regular vulnerability assessments to maintain system integrity.

To guarantee the highest level of security, we:

• Conduct weekly scans based on OWASP guidelines
• Provide end-to-end encryption for all data in motion using TLS 1.2+
• Utilize secure storage with AES-256 encryption at rest
• Utilize regular external PEN tests

Our platform is fully compliant with both GDPR and HIPAA regulations, ensuring the confidentiality, integrity, and availability of sensitive information.

If you have any questions or would like to learn more, contact us today.