Reviewing Amigo Assist for security, privacy or procurement?

Request the Amigo Assist Procurement Pack for information on platform architecture, UK hosting, data handling, access controls, encryption practices, governance and assurance.

Security, privacy and governance built for modern care

Amigo Assist protects resident and service information through privacy-first sensing, secure encrypted wireless connections, controlled platform access, UK-hosted infrastructure and documented governance support for provider, commissioner and procurement review.

1

Security controls

Encryption practices for data in transit and at rest, secure authentication, role-based access and least-privilege permissions.

2

Privacy and data handling

No cameras, microphones, wearables or listening devices, with controlled access and documented retention and deletion principles.

3

Governance support

Procurement, DPIA, retention and security information can be provided to support assurance reviews and deployment planning.

Covers platform security, privacy and data protection, UK hosting, access controls, governance documentation and assurance planning.

Privacy-first security by design

Secure care intelligence, built around privacy and operational assurance

Amigo Assist is an AI-powered, privacy-first care intelligence platform designed to help care organisations understand changes in everyday routines without cameras, microphones or wearable devices. Security, controlled access, responsible data handling and clear governance are built into the platform to support data protection reviews, procurement assessments and ongoing operational assurance.

Encryption & secure data handling

  • Data protected in transit using encrypted connections
  • Stored information protected through managed encryption controls
  • Sensitive credentials are securely managed and kept separate from application code
  • Security administration is restricted, controlled and auditable

Identity & access control

  • Role-based access aligned with each user’s responsibilities
  • Least-privilege permissions help limit unnecessary access
  • Additional safeguards protect privileged and administrative actions
  • User invitations, information sharing and permission boundaries remain controlled

Monitoring, records & audit

  • Centralised operational and security-relevant records
  • Audit trails for access, administrative actions and configuration changes
  • Monitoring supports the identification of unusual or security-relevant activity
  • Clear records support supplier assurance, governance and procurement reviews

Privacy, hosting and assurance information in one place

The sections below explain how Amigo Assist approaches privacy and data protection, UK and EU data hosting, retention and deletion, incident readiness and the continued development of its security and compliance programme.

Privacy-first care intelligence

Privacy & data protection by design

Amigo Assist is an AI-powered, privacy-first care intelligence platform designed to provide meaningful routine insights without cameras, microphones or wearable devices. Privacy considerations are built into the platform, its operational processes and customer onboarding to help protect dignity, limit unnecessary data exposure and support responsible information governance.

Dignity-led design

  • No cameras, microphones or wearable devices are required
  • Designed to support dignity, proportionality and appropriate use in care settings
  • Focuses on routine patterns and changes rather than intrusive observation
  • Privacy considerations are reviewed across design, deployment and ongoing use

Controlled data access

  • Role-based permissions help restrict information to authorised users
  • User invitations, sharing and permission boundaries remain controlled
  • Operational access is limited to authorised personnel with an appropriate need
  • Access and administrative actions can be supported by audit-friendly records

Governance & customer support

  • Customers can discuss information governance and DPIA requirements with our team
  • Privacy and data protection questions can be reviewed during procurement and onboarding
  • We support appropriate handling of data subject rights and governance enquiries
  • Additional governance information is available through our assurance materials

Full privacy and assurance information

This section provides a high-level overview of the Amigo Assist privacy and data protection approach. Full legal information is available on our Privacy page, while procurement, governance and due diligence information can be requested separately.

Responsible data lifecycle management

Data hosting, retention & deletion

Amigo Assist is designed to support clear data residency, proportionate retention and controlled offboarding throughout the life of the service. Our approach helps care organisations understand where information is hosted, how long it may be retained and how access, return or deletion can be managed when a service arrangement ends.

UK & EU data hosting

  • UK and EU hosting arrangements can support customer data residency requirements
  • Hosting is selected with security, resilience and governance expectations in mind
  • Data residency can be reviewed as part of procurement and information governance discussions
  • Additional hosting information is available through the Amigo Assist procurement process

Retention & lifecycle management

  • Retention principles apply to customer information, operational records, logs and backups
  • Retention periods are set with operational need, service resilience and governance obligations in mind
  • Data lifecycle handling is considered from onboarding and live use through to archival and offboarding
  • More detailed retention information can be provided during assurance or contract review

Deletion & offboarding

  • Offboarding can include agreed data return or deletion arrangements where applicable
  • User access and permissions are removed through a controlled deprovisioning process
  • Backup and recovery arrangements are considered within the wider deletion lifecycle
  • Data lifecycle and offboarding requirements can be agreed during procurement and governance review

Clear lifecycle information supports confident assurance decisions

This section provides a high-level overview of Amigo Assist hosting, retention and deletion principles. More detailed information can be shared through our procurement and due diligence process where appropriate.

Security incident readiness

Incident response & assurance support

Amigo Assist is designed to support structured handling of platform, data-protection and security-related incidents. Monitoring, controlled escalation, documented investigation and evidence-friendly governance help support customers, care providers and procurement teams when assurance questions or security events need to be reviewed.

Identification & assessment

  • Monitoring helps provide visibility of unusual or security-relevant platform activity
  • Reported events can be assessed by severity, likely impact and required urgency
  • Logs and audit records can support technical investigation and evidence review
  • Structured assessment helps avoid inconsistent or informal incident handling

Response & recovery

  • Incidents can be escalated to appropriate technical, operational and governance personnel
  • Containment, investigation, remediation and recovery actions can be tracked through a controlled process
  • Relevant customer communication can form part of the incident and governance process
  • Post-incident review can inform corrective actions and future control improvements

Assurance & procurement support

  • Assurance information can support procurement, supplier review and governance processes
  • Our team can contribute relevant platform information to customer-led DPIAs and security questionnaires
  • Documentation is intended to support evidence-based review rather than unsupported headline claims
  • Additional information can be shared through direct engagement and the Amigo Assist Procurement Pack

Platform security incidents are separate from care alerts

This section relates to security, privacy and service incidents affecting the Amigo Assist platform. It does not describe the handling of care notifications, possible fall-related events or emergency situations. Amigo Assist supports care decisions and does not replace professional judgement, emergency services or established care procedures.

Transparent assurance development

Security & compliance roadmap

Amigo Assist is developing its security, governance and assurance programme in a structured and transparent way. The roadmap below outlines planned areas of progression as our AI-powered, privacy-first care intelligence platform grows across family, care-provider and public-sector settings.

Near-term roadmap

Cyber Essentials

Cyber Essentials is a planned step within our baseline security programme. It is intended to support recognised cyber-hygiene practices and strengthen assurance discussions with care providers, partners, commissioners and procurement teams.

Current status: Planned
Priority roadmap

NHS Data Security and Protection Toolkit

Alignment with the NHS Data Security and Protection Toolkit is a roadmap priority intended to support health and care-sector information-governance expectations where NHS-related data handling, supplier assurance or commissioning requirements apply.

Current status: Roadmap priority
Longer-term roadmap

ISO/IEC 27001

ISO/IEC 27001 represents a longer-term pathway towards formal information-security management, risk governance and continual improvement as Amigo Assist, its operations and customer assurance requirements continue to scale.

Current status: Planned progression

Roadmap status, not current certification

The items above describe planned assurance activity and should not be read as current certification, accreditation or completed compliance. Priorities and timing may change in response to customer needs, procurement expectations and applicable regulatory guidance. Current supporting information is available through the Amigo Assist Procurement Pack.

Layered technical safeguards

Platform architecture & technical controls

Amigo Assist applies layered security controls across infrastructure, data handling, identity, logging and service resilience. These controls support secure delivery of our AI-powered, privacy-first care intelligence platform and provide a clear foundation for governance, procurement and assurance reviews.

Infrastructure protection

  • Restricted service exposure: internal services and access paths are designed to limit unnecessary external availability.
  • Traffic protection: request controls help reduce automated abuse, unwanted traffic and suspicious activity.
  • Secure credential handling: sensitive credentials are managed separately from application code with restricted administration.
  • Security maintenance: platform components are reviewed and updated to address known vulnerabilities and maintain service integrity.

Data, access & resilience

  • Encrypted data handling: information is protected in transit and at rest using managed security controls.
  • Identity and permissions: role-based access, least-privilege principles and additional safeguards help protect privileged activity.
  • Auditability: centralised records support traceability for access, administrative activity and important configuration changes.
  • Backup and recovery: controlled backup and recovery processes support continuity and service resilience.

Need deeper technical assurance information?

Additional information on data flows, service providers, incident handling, retention, resilience and customer-led DPIA reviews can be shared through the Amigo Assist procurement process.

Request procurement pack
Security and assurance questions

Frequently asked questions

Answers to common questions about Amigo Assist security, privacy, data governance, procurement support and planned assurance development.

Amigo Assist can support UK and EU data-hosting arrangements where required. Data residency, hosting scope and environment-specific requirements can be reviewed during procurement, information-governance and assurance discussions.