Security overview
A practical overview of how Arctic Parade is currently hosted and how it approaches controlled access, application security, and operational safeguards.
Current application stack
Arctic Parade currently runs on Ubuntu using Python, Django, and Gunicorn.
The platform is hosted in Microsoft Azure and uses Azure Database for PostgreSQL as the primary relational database.
Transactional email is handled through Postmark, and SMS is designed to be handled through Twilio when SMS functionality is enabled.
Operational configuration is managed through environment-based settings so credentials and provider configuration are not mixed into normal content workflows.
Security measures built into the platform
Role-based access is used to separate admin, front-desk, and practitioner responsibilities within the clinic workspace.
Clinic data is scoped by organisation so records are handled within the correct tenant context.
Audit and operational history are built into core workflows so important actions can be reviewed later.
Managed third-party providers are used for sensitive areas such as email, payments, and optional SMS rather than trying to build those systems from scratch.
Areas to document further over time
Backup and restore expectations for both the database and media assets
Access management for infrastructure and production environments
Secrets handling and credential rotation practices
Logging, monitoring, and alerting approach
TLS, domain, and certificate management
What this page is not
This page is intended to explain the current platform approach in plain language.
It is not a statement of formal certification and should not be treated as a substitute for a signed security review, DPA, or completed compliance assessment.