Trust Centre

Security and data handling, in plain terms.

WeHub moves data between healthcare systems. This page sets out where that data lives, how it is protected, and what we are certified to do. If you need something that isn't here, ask and we will send it.

At a glance

Certification

Cyber Essentials Plus

Certified 17/12/2025 · whole-organisation scope

Data residency

United Kingdom

Hosted in a UK South region

Service status

Live status page(opens in a new tab)

statuspage.incident.io/wehub

Certification

What we are certified to

Cyber Essentials Plus
Scope
Whole organisation
Certified
17/12/2025
Scheme
NCSC Cyber Essentials,
assessed by IASME

Cyber Essentials Plus is a hands-on technical audit of our defences against common cyber attacks, verified by an independent assessor.

We are not currently certified to ISO 27001, SOC 2, or DSPT, and we will not imply otherwise. As our certification scope grows, this page will say so.

Data residency

Where your data lives

WeHub Cloud

Your data stays in the United Kingdom

WeHub Cloud runs the platform in a UK South region. All data remains in the United Kingdom, with each customer isolated in their own tenant.

Explore WeHub Cloud
UNITED KINGDOMSource systemWeHubUK South regionDestination system

WeHub Runner

Your most sensitive data never has to leave your infrastructure

When data is too sensitive to leave your environment, WeHub Runner lets you design your integrations in WeHub, then run them inside your own cloud tenant. Data is processed on your own infrastructure and never touches ours. Available through Azure Marketplace.

Explore WeHub Runner
Design in WeHubBuild & version flowsYOUR INFRASTRUCTURERun on yourinfrastructureYour data stays here

Compliance

Data protection

WeHub processes personal data in accordance with the UK GDPR and the Data Protection Act 2018.

Where WeHub processes data on behalf of a customer, we act as a data processor under a written data processing agreement.

GDPR is a legal framework, not a certificate. We do not display a GDPR "badge" and you should be cautious of any vendor who does.

Documentation

Documents on request

These are sent on request while we finalise our published versions. Email support@mywehub.io and we will respond directly.

Security disclosure

Reporting a vulnerability

If you believe you have found a security vulnerability in WeHub, please tell us before disclosing it publicly.

Email support@mywehub.io with the detail and steps to reproduce. We will acknowledge your report and keep you updated as we investigate.

support@mywehub.io

Questions or concerns

Still need something on security or compliance?

If something you need isn't on this page, or you'd like to talk through how WeHub handles your data, our team is happy to help.

Contact us