Securing your data
You own your data
We are the custodians of your data, but you remain the owner. Every step has been taken to help you manage your information securely and confidentially. And, if the time ever comes for us to say goodbye, your data will be held for a minimum of 90 days after cancellation.
If you need to cancel your account due to the COVID-19 pandemic, please select it as the reason for your cancellation, and we’ll hold onto your data for a minimum of 12 months. That way, if you decide to start back up again, all your information will still be here exactly the way you left it.
If ever you’d like to transfer your info outside of Cliniko for any reason, you can take it anywhere you want using Cliniko’s data export feature.
Cliniko is hosted in state-of-the-art datacenter facilities. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means.
We use datacenter facilities that are built in clusters. In case of failure, automated processes move customer data traffic away from the affected area and into other sites that are functioning properly. It all occurs behind the scenes, and you won’t even notice when it’s happening.
Whenever your data is sent between us, it’s encrypted using HTTPS (end-to-end encryption). We use a 2048-bit SSL/TLS certificate for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm.
If that sounds like a bunch of jargon nonsense to you, here’s what it means: all data shared between you and Cliniko is transmitted and stored securely. No one can read the information except for you and us. Plus, we refresh your backup every day to make sure it stays current.
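As an added illustration of what "encrypted at rest with AES-256" involves (example code written for this page, not Cliniko's own implementation), the following Go program seals a record with AES-256-GCM, which both encrypts the data and authenticates it, so a stored copy that has been altered or swapped into a different record is rejected on decryption. The key derivation, record contents and record identifiers are constructed for the demo; a real deployment would fetch the key from a key-management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// deriveDemoKey produces a 32-byte (256-bit) key from a fixed string.
// Constructed for this example only: production keys come from a KMS/HSM,
// never from a literal in source code.
func deriveDemoKey() []byte {
	sum := sha256.Sum256([]byte("demo-only-key-material"))
	return sum[:]
}

// EncryptRecord seals plaintext with AES-256-GCM.
// Output layout: nonce || ciphertext || 16-byte authentication tag.
// aad (additional authenticated data) is not encrypted but is bound into the
// tag, so a ciphertext cannot be moved to a record with a different id.
func EncryptRecord(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per encryption; reusing a nonce under the same key
	// breaks GCM's confidentiality and integrity guarantees.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce so the blob is self-describing.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// DecryptRecord reverses EncryptRecord. Any modification of the nonce,
// ciphertext, tag or aad makes Open return an error instead of plaintext.
func DecryptRecord(key, blob, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored blob is too short to be valid")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key := deriveDemoKey()
	recordID := []byte("appointment-42") // constructed identifier used as aad
	blob, err := EncryptRecord(key, []byte("constructed sample note"), recordID)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptRecord(key, blob, recordID)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)

	// Tampering with one byte of the stored blob is detected, not silently decrypted.
	blob[len(blob)-1] ^= 0x01
	_, err = DecryptRecord(key, blob, recordID)
	fmt.Println("after tamper:", err)
}
```

The record id passed as aad is what makes "encrypted at rest" more than confidentiality: a backup consisting of valid ciphertexts can still be corrupted by swapping blobs between records, and the authenticated-data binding turns that into a decryption failure rather than a silent data mix-up.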
Accreditations and Certifications
We choose our partners carefully. Our hosting partner, Amazon Web Services (AWS), has achieved the following accreditations and certifications:
- PCI DSS Level 1 (Payment Card Industry Data Security Standard)
- ISO 27001 (Information Security Management System)
- FIPS 140-2 (United States Federal Information Processing Standard)
Cliniko is monitored 24 hours a day, 7 days a week, 365 days a year. If something goes wrong, we’ll be the first to know about it, and our team will jump into action straight away—no matter when it happens!
Cliniko data is backed up daily. Backups are redundantly stored in multiple physical locations. Data is also constantly streamed to replica databases for up-to-the-second redundancy.
In other words, we’ve got backups for your backups and a contingency in place to handle any potential interruptions to the storage process. Don’t forget that you can also export your data at any time and create your own backups too.
Data stored close to home
New Cliniko accounts based in Australia will have their data stored in Australia. If you’re opening a new account in the UK, your data will be held in the UK. New Canadian accounts? You guessed it! We’ll keep your data safe and secure in Canada. For accounts based in any other country, we’ll house your data on our Australian servers.
Cliniko meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA.
We offer bug bounties for new, responsibly disclosed issues. If you’ve found something, please contact us at firstname.lastname@example.org.
What can you do to protect your account?
Enable two-factor authentication
Two-factor authentication adds an extra security step when you log in. With Cliniko, this means that accessing your account will require both your password and a code generated on your smartphone.
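The "code generated on your smartphone" is normally a time-based one-time password (TOTP, RFC 6238) built on HOTP (RFC 4226). The Go program below, added here as an example and not Cliniko's own code, implements both and shows the two checks a server needs beyond computing the code: a small clock-skew window so a user whose phone is a few seconds off still gets in, and returning the matched time step so the caller can persist it and refuse a replayed code. The shared secret and timestamps in `main` are the published RFC test values, not anything from Cliniko.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// HOTP computes the RFC 4226 one-time password for a counter value.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: low nibble of the last byte picks a 4-byte window.
	offset := sum[len(sum)-1] & 0x0f
	code := (uint32(sum[offset])&0x7f)<<24 |
		uint32(sum[offset+1])<<16 |
		uint32(sum[offset+2])<<8 |
		uint32(sum[offset+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is HOTP with the counter derived from the clock (RFC 6238).
func TOTP(secret []byte, at time.Time, step time.Duration, digits int) string {
	return HOTP(secret, uint64(at.Unix())/uint64(step.Seconds()), digits)
}

// VerifyTOTP checks a submitted code against the current step and up to
// `skew` steps either side. It returns the step that matched so the caller
// can store it and reject any later submission with a step <= that value
// (a code is valid once, even inside the skew window).
func VerifyTOTP(secret []byte, code string, now time.Time, step time.Duration, digits, skew int) (bool, uint64) {
	current := int64(now.Unix()) / int64(step.Seconds())
	for d := -int64(skew); d <= int64(skew); d++ {
		candidate := current + d
		if candidate < 0 {
			continue
		}
		expected := HOTP(secret, uint64(candidate), digits)
		// Constant-time comparison so response timing leaks nothing about the code.
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			return true, uint64(candidate)
		}
	}
	return false, 0
}

func main() {
	// RFC 6238 Appendix B test secret (ASCII "12345678901234567890").
	secret := []byte("12345678901234567890")
	step := 30 * time.Second
	fmt.Println("TOTP at t=59:", TOTP(secret, time.Unix(59, 0), step, 8)) // 94287082 per RFC 6238
	ok, matched := VerifyTOTP(secret, "94287082", time.Unix(89, 0), step, 8, 1)
	fmt.Println("accepted one step later:", ok, "matched step:", matched)
	ok, _ = VerifyTOTP(secret, "94287082", time.Unix(119, 0), step, 8, 1)
	fmt.Println("accepted two steps later:", ok)
}
```

Six digits is the usual authenticator-app setting; the example uses eight only because that is what the RFC vectors specify. The replay check is the part most often omitted: without it, a code intercepted during its 30-second (plus skew) lifetime can be submitted a second time.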
Understand user security roles
User security roles in Cliniko help you limit access to confidential information to only those who need it.
Create a strong password
Use a unique password for your Cliniko account. Since longer passwords are generally harder for criminals to break, try using a line from your favourite song or a short sentence you’ll easily remember.
Keep your browser updated
An up-to-date browser will ensure that Cliniko is performing at its best and that you have the latest protection against online threats.
Restrict third-party access
Cliniko connected apps often require your API key in order to link with your Cliniko account. Only share your API key with parties you trust, and be sure to read their terms of service and privacy policies.
Want to learn more? Get details on how you can protect your data.
We help with compliance
We provide you with the tools to ensure you are compliant with important privacy legislation, like the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA.
Australian Privacy Principles
Because Cliniko data is processed outside the EU, we have a Data Processing Addendum (DPA) that covers the use of Cliniko and includes additional Standard Contractual Clauses. We’ve also appointed a Data Protection Officer to ensure compliance with GDPR requirements.
For more information on how Cliniko can help you with GDPR compliance, take a look here.
HIPAA is only a concern for clinics based in the United States. For those who need it, though, Cliniko is fully HIPAA compliant and we have a built-in support option to help you stay compliant as well. If you’d like a Business Associate Agreement (BAA), just send us a request, and we’ll gladly get one set up for you.