Your data is yours — we just keep it safe.
This page summarises how Nightingale protects customer data across the platform. It is maintained by Nightingale Software Group as a plain-English overview, not an independent certification.
All customer data is stored securely and kept strictly separate between customers, so one customer can never see or affect another's data.
Users can only access information they've been granted access to. Role-based permissions and row-level controls are enforced at the database layer, not just the UI.
Important actions — approvals, exports, configuration changes, admin events — are logged with who, what, when and from where, so you can always reconstruct what happened.
Nightingale Software Group is registered with the UK Information Commissioner's Office and operates in line with UK GDPR and the Data Protection Act 2018.
We publish our Privacy Policy and Data Processing Agreement. Sub-processors are documented and notified in advance of material changes.
Enterprise customers can layer on SSO/SAML, custom retention, named data residency, signed DPAs, and dedicated incident-response contacts.
Read the underlying documents.
Report a security issue.
If you believe you've found a security issue, email security@nightingalesoftware.co.uk. We'll acknowledge within one business day.