Security center

Protecting healthcare work, accounts, and operational data.

Security is not a footer email link. This page explains how Covecare thinks about trust, access, privacy, credential protection, and responsible vulnerability reporting.

Report a security concern

Security approach

Built around trust, roles, and operational control.

Healthcare staffing touches identities, credentials, payments, shifts, and facility data. The product should protect each area intentionally.

Account protection

Role-based access, protected routes, and secure authentication flows for clinicians, facilities, and administrators.

Credential safeguards

Credential records, identity information, and facility approval workflows are handled with access control in mind.

Data privacy

Sensitive operational data should only be available to the right user, team, or facility workspace.

Audit readiness

Key operational actions should be tracked so support, finance, and compliance teams can investigate issues clearly.

Responsible reporting

Found a vulnerability or suspicious activity?

Send enough detail for the team to reproduce and investigate the issue. Do not access, modify, download, or share data that does not belong to you.

Use strong passwords and never share login details.
Only upload accurate credentials and identity documents through the official platform.
Report suspicious activity, unexpected emails, or account access concerns quickly.
Facilities should remove staff access when employees leave or change responsibilities.

What to include

Account email, affected page, steps to reproduce, screenshots if available, browser/device, and the impact you believe the issue may have.

Security report

Submit a security concern.

This creates a real page experience for security reporting. The next production step is to connect it to your support/security ticket table.