We made some mistakes with the new log in changes

Hello everyone,

As many of you will know, we released a change to the login page for Cliniko a couple of days ago. For many people, this had no, or minimal impact. For quite a few, it had a significant negative impact. In hindsight, this was predictable and avoidable and I'm sorry for the impact it's had on people.

If you login from www.cliniko.com, we previously took your email address, then presented you with your Cliniko accounts to choose from. The change means that when you enter your email address, we will email you that list instead. We did this change for the following security and privacy reasons:

• We shouldn't be sharing what Cliniko accounts you have, with anyone that knows your email address.
• We shouldn't make it so easy to get to your login page, just for knowing your email address.

By emailing you the list, this solves this problem. However, as we have since realised, it introduces its own new set of problems. In particular for people not in control of the systems they use Cliniko on, where bookmarking their page is not an option.

There have been numerous mistakes on our part in launching this change, including:

• We did not understand well enough, the ways people are logging into Cliniko, and the constraints some people have with the systems they use.
• We did not let people know that this change was coming, giving them time to prepare for it and be ready.
• It was not announced in enough places or with enough information on how to bypass the new log in process (there is a way, I'll share below).

I personally am largely responsible for this change. It's something I knew was coming for quite some time, and I was involved in the design and release of it. I'm sorry I have let you all down with this, and will learn from these mistakes.

To be very clear, I do believe a change was required, we should not have had the log in work as it did before. What I am now aware of, and should have been before, is that the new workflow is not good enough. Also, the way we released it was not respectful enough to the people who use Cliniko.

It's not as simple as "rolling back this change", as we also launched this at the same time as opening up new regions to store data in Cliniko (we now have a UK region available for new customers, with more coming). We needed to update the log in process to accommodate the new regions, and decided to make this change at the same time. Also with drawing attention to the privacy issues, we cannot revert back to them.

With the extra knowledge we now have, our team is currently working on a solution to improve the workflow while maintaining the new security and privacy improvements. We have some tentative plans already, and hope to have something to talk about with this shortly.

In the meantime, as mentioned above, there is a way to skip the new log in process. If you know the web address of your account, you can go directly to there without logging in via www.cliniko.com, or needing to receive the email. Your address will look like business-name.cliniko.com (where 'business-name' will be your unique part of the address). If you type this straight into your browser (and bookmark if you can), you'll not encounter any of the changes we've made here. These changes are only for when logging in via www.cliniko.com.

Again, I'm sorry for the trouble this caused for so many. We made mistakes on how the new workflow operates. There was a lack of communication before releasing, and we did not communicate well enough afterwards. There are no excuses for these. We've been doing this for long enough and should know better. I’m hopeful we won’t repeat the same mistakes again and will take steps to ensure it.

Joel
Founder - Cliniko