Security and data protection at Veona
Veona runs hospitals, clinics, and laboratories with patient data at the centre. This Trust Center sets out, plainly and truthfully, how we protect that data, where it lives, and the standards and laws we build to across African markets.
Built in, not bolted on
The controls below are design commitments of the Veona platform. Certifications listed elsewhere on this site are clearly marked as targets.
The details, by topic
Security in depth
Encryption at rest and in transit, role-based access with MFA, full audit trails, hardened infrastructure, and a secure development lifecycle.
Read more → ComplianceCompliance and standards
Data-protection law by market across Nigeria, Kenya, Ghana, and South Africa, the clinical standards we build to, and our certification targets.
Read more → ResidencyData residency
Your patient data stays in your country or region. On-premise deployment keeps it fully on-site, under your sovereignty.
Read more → SubprocessorsSubprocessors
A representative list of the service providers that may support a deployment, with purpose and region, finalized per region.
Read more → DisclosureResponsible disclosure
How to report a vulnerability to us, our safe-harbor commitment, what is in scope, and our response targets.
Read more → AvailabilityAvailability and continuity
Our 99.9% monthly uptime target, offline-first continuity through connectivity interruptions, and backups.
Read more →Interoperability and clinical quality
Veona is engineered to recognised health-data and laboratory standards so it fits national systems and exchanges data cleanly.
ISO 27001 and SOC 2 are published trust targets on our roadmap, not certifications we currently hold. See Compliance for detail.
Talk to our security team
For security questions, disclosure reports, or procurement due diligence, reach the team directly. We respond to verified reports promptly.