Client Management
Understanding Client Data Privacy and Security
Learn how DoulaBub protects your doula clients' sensitive information with encryption, secure storage, and HIPAA-compliant practices.
As a doula, you handle sensitive client information. DoulaBub takes data privacy and security seriously with industry-leading protection measures.
What Data is Protected?
DoulaBub encrypts all sensitive client information:
Personally Identifiable Information (PII)
- First and last names
- Email addresses
- Phone numbers
- Physical addresses
- Date of birth
- Due dates
Medical Information
- Health notes
- Birth preferences
- Medical history
- Postpartum information
- All client notes
Financial Data
- Payment information (never stored directly)
- Invoice history
- Payment records
Encryption Standards
Data at Rest
All data stored in DoulaBub databases is encrypted:
- **AES-256 encryption** - Industry gold standard
- Encrypted before writing to database
- Only decrypted when you access it
- Encryption keys stored separately
Data in Transit
All data moving between you and DoulaBub:
- **TLS 1.3 encryption** - Latest security protocol
- Same security as online banking
- Protects against eavesdropping
- Verified SSL certificates
HIPAA Compliance
DoulaBub follows HIPAA guidelines for healthcare data:
What is HIPAA?
The Health Insurance Portability and Accountability Act requires:
- Secure storage of health information
- Access controls and audit trails
- Data breach notifications
- Business associate agreements
How DoulaBub Complies
- Encrypted data storage
- Secure authentication
- Role-based access control
- Regular security audits
- Data backup and recovery
- Breach notification procedures
> **Note:** While doulas may not be legally required to be HIPAA compliant, DoulaBub follows these standards as best practice.
Access Controls
Only you can access your client data:
Authentication
- Secure password requirements
- Optional two-factor authentication (2FA)
- Session timeouts for inactive accounts
- Device verification for new logins
Authorization
- You own your data
- No one else can view your clients
- DoulaBub staff cannot see client details
- Each doula account is isolated
Data Storage
Where Data is Stored
- Enterprise-grade cloud infrastructure (Supabase/AWS)
- Data centers with physical security
- Redundant storage across locations
- Automatic daily backups
Data Retention
- Data kept as long as your account is active
- 30-day grace period after account closure
- You can export data anytime
- Deleted data is permanently removed
Client Portal Security
When clients access their portal:
- Unique, secure login links
- Time-limited access tokens
- Encrypted data transmission
- No permanent client logins (more secure)
Best Practices for Data Privacy
Strong Password Requirements
Create a secure password:
- At least 12 characters
- Mix of letters, numbers, symbols
- Unique to DoulaBub (not reused)
- Use a password manager
Enable Two-Factor Authentication
Extra security layer:
1. Go to **Settings** → **Security**
2. Enable "Two-Factor Authentication"
3. Scan QR code with authenticator app
4. Save backup codes
5. Two-factor authentication is then required at each login
Device Security
Protect your devices:
- Use device passwords/biometrics
- Keep software updated
- Don't share login credentials
- Log out on shared devices
- Enable device encryption
Secure Communication
When discussing clients:
- Use DoulaBub's secure messaging
- Avoid unencrypted email for sensitive info
- Don't text sensitive details
- Be mindful of public spaces
Data Breach Prevention
DoulaBub protects against breaches:
- Regular security audits
- Penetration testing
- Vulnerability scanning
- Security monitoring 24/7
- Incident response plan
Your Responsibilities
As a doula using DoulaBub:
✅ **Do:**
- Use strong, unique passwords
- Enable two-factor authentication
- Log out on shared devices
- Keep your email secure
- Report suspicious activity
- Review access logs periodically
❌ **Don't:**
- Share your login credentials
- Use public Wi-Fi without a VPN
- Leave devices unattended when logged in
- Save passwords in browsers on shared computers
- Ignore security update notifications
Client Consent
Best practices for client data:
- Inform clients how their data is stored
- Get consent to store information
- Explain security measures
- Provide privacy policy
- Allow clients to request data deletion
**Sample Privacy Statement:**
```
"Your information is stored securely in DoulaBub,
a HIPAA-compliant platform with enterprise-grade
encryption. Your data is only accessible to me and
is protected with the same security standards used
by healthcare providers."
```
Data Export and Portability
You own your data - export it anytime:
1. Go to **Settings** → **Data & Privacy**
2. Click **Export Data**
3. Select data to export:
   - Client information
   - Invoices
   - Appointments
   - Notes
4. Choose format (CSV, PDF, JSON)
5. Download encrypted file
Account Deletion
If you close your account:
1. Export your data first
2. Go to **Settings** → **Account**
3. Click **Delete Account**
4. Confirm deletion
5. Data is permanently removed after 30 days
Compliance Certifications
DoulaBub infrastructure includes:
- SOC 2 Type II compliance
- GDPR compliance
- Regular third-party audits
- Industry-standard security practices
Reporting Security Issues
If you notice something suspicious:
1. Contact support immediately
2. Email: security@doulabub.com
3. Include details about the concern
4. Don't share details publicly
5. We'll investigate promptly
Transparency
DoulaBub commits to:
- Clear privacy policies
- Transparent data practices
- No selling of your data
- No third-party data sharing
- Prompt breach notifications
- Regular security updates
Frequently Asked Questions
**Can DoulaBub staff see my client information?**
No. Client data is encrypted and only accessible to you.
**What happens if there's a data breach?**
You'll be notified immediately with details and next steps.
**Can I use DoulaBub for HIPAA-covered services?**
While we follow HIPAA standards, doulas are typically not HIPAA-covered entities. Consult legal counsel for your specific situation.
**Is my data backed up?**
Yes, automatically every day with redundant storage.
Next Steps
- [How to Add and Manage Doula Clients](/help/client-management/add-clients)
- [Using the Client Portal for Doula Services](/help/client-management/client-portal)
- [Setting Up Your Doula Business Profile](/help/getting-started/business-profile-setup)