HomeOrbit
HomeOrbit®
Legal & Policies
Back to siteLog in
LegalBusiness

HomeOrbit Security and Support Policy

Security, incident handling and support position for HomeOrbit.

Version 1.0
Updated 15 April 2026

This document summarises HomeOrbit's current operational approach to security, support, maintenance, and incident handling.

1. Security principles

HomeOrbit is designed for use in a care-sector context where confidentiality, role-based visibility, and tenant separation are important. HomeOrbit aims to apply reasonable and proportionate security measures based on the nature of the service and the data processed.

2. Security measures summary

HomeOrbit's current approach includes measures designed to support:

  • authenticated access to the platform;
  • role-based permissions and scoped visibility;
  • segregation between customer environments and data scopes;
  • encryption in transit using modern HTTPS/TLS transport;
  • managed infrastructure providers;
  • controlled deployments through managed source control and hosting workflows;
  • logging, diagnostics, and monitoring;
  • secrets and environment-based credential handling;
  • rate limiting or anti-abuse controls on sensitive routes where implemented; and
  • restriction of access to files and stored assets through private storage and time-limited access mechanisms where implemented.

HomeOrbit does not represent that any system is invulnerable, and Customers must also maintain good internal security hygiene.

3. Customer-side security responsibilities

Customers should:

  • assign access only to authorised adult users;
  • promptly disable access for leavers or role changes;
  • use strong passwords and secure devices;
  • avoid sharing accounts;
  • minimise unnecessary uploads of sensitive information;
  • maintain their own internal policies and training;
  • review permissions, data quality, and exports regularly; and
  • report suspected incidents promptly.

4. Support model

At the date of this policy, HomeOrbit is in an early operational stage and may be delivered through a pilot and implementation model. Support is therefore provided on a reasonable endeavours basis, generally during UK business hours, with additional practical support where separately agreed through implementation arrangements.

No formal guaranteed response times, service credits, or 24/7 commitments are granted unless separately agreed in writing.

5. Maintenance and updates

HomeOrbit may deploy:

  • bug fixes;
  • security fixes;
  • design and UX changes;
  • workflow changes;
  • feature enhancements; and
  • infrastructure changes.

Some changes may be made without prior notice where urgently required for security, legal, or operational reasons. Where practicable, material planned changes affecting customers will be communicated in advance.

6. Incident reporting

Customers should report security incidents, suspected breaches, lost credentials, or suspicious activity to support@homeorbit.co.uk as soon as possible.

HomeOrbit will investigate reported issues and, where HomeOrbit is acting as processor and becomes aware of a confirmed breach affecting Customer Personal Data, HomeOrbit will notify the relevant customer controller without undue delay.

7. Availability

HomeOrbit aims to keep the service available and stable, but does not guarantee uninterrupted or error-free access. Availability may be affected by:

  • planned maintenance;
  • third-party infrastructure issues;
  • internet or network failures;
  • cyber incidents;
  • force majeure events; or
  • service development work.

8. Security reviews and improvement

HomeOrbit may continue to refine its legal, technical, and operational controls over time as the service develops, including changes to monitoring, policies, support processes, or hosting configuration.