Practitioners trust Cliniko with the safe-keeping of millions of confidential client records every day. Security isn’t just fine-print for us: it’s a central feature and shapes every decision we make.

Security person with earphone surronded by eyes

Securing your data

You own your data

We are custodians of your data. We take every step to help you manage it securely and confidentially. And when it’s time to say goodbye, your data is removed 90 days after cancelation, but you can take your data with you using Cliniko’s data export feature.

Ultra secure facilities

Cliniko is hosted in state of the art datacenter facilities. Physical access is controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems, and other electronic means.

High availability

We use datacenter facilities that are built in clusters in various global regions. In case of failure, automated processes move customer data traffic away from the affected area and into other sites.


Whenever your data is sent between us, it’s encrypted using HTTPS (end-to-end encryption). We use a 2048-bit SSL certification for encryption in transit.

All data is also encrypted at rest and backed up daily, using the industry standard AES-256 encryption algorithm.

Accreditations and Certifications

We choose our partners carefully. Our hosting partner has achieved the following accreditations and certifications; PCI DSS Level 1 (Payment Card Industry Data Security Standard), ISO 27001 (Information Security Management System), FIPS 140-2 (United States Federal Information Processing Standard).

24/7/365 Monitoring

Cliniko is monitored 24 hour a day, 7 days a week, 365 days a year. If something goes wrong, we will be the first to know about it and will have technicians working to fix the problem immediately, no matter when it occurs.


Cliniko data is backed up daily. Backups are redundantly stored in multiple physical locations. Data is also constantly streamed to replica databases for up to the second redundancy.

Your data is stored in Australia

Cliniko stores and processes your data in Australia. It’s also processed in the US, UK and EU by our infrastructure and communication partners, to provide you with the best service possible. We ensure that they meet our high standards of privacy, security and confidentiality.

We offer bug bounties

for new, responsibly disclosed issues. If you’ve found something, please contact us at

What can you do to protect your account?

Enable two-factor authentication

Two-factor authentication adds an extra security step when you log-in. In Cliniko, this means that accessing your account will require not only your password, but also a code generated on your smartphone.

Understand user security roles

User security roles help you limit access to confidential information in Cliniko to only those who need to know.

Create a strong password

Use a unique password for your Cliniko account. Longer passwords are generally harder for criminals to break.

Keep your browser updated

An up-to-date browser not only ensures Cliniko is performing at its best, it also means you have the latest protection against online threats.

Restrict third-party access

Cliniko connected apps often require your API key in order to link with your Cliniko account. Only share your API key with parties you trust and be sure to read their terms of service and privacy policies.

We help with compliance

We provide you with the tools to ensure you are compliant with important privacy legislation, such as the Australian Privacy Principles and GDPR. Cliniko’s data export feature also helps you maintain health record keeping retention.

Australian Privacy Principles

To help you manage your obligations under the Australian Privacy Principles, Cliniko provides features to record if an individual has given consent to your privacy policy or direct marketing. We also ensure that records are destroyed, when personal information is no longer required by you.


Because Cliniko is hosted in Australia and processed outside the EU, we have a Data Processing Addendum (DPA) that will cover the use of Cliniko and also include Standard Contractural Clauses. We have also appointed a Data Protection Officer to ensure compliance with GDPR requirements.

For more information on how Cliniko can help you with GDPR compliance, take a look here.