Securing your data
You own your data
We are custodians of your data. We take every step to help you manage it securely and confidentially. And when it’s time to say goodbye, your data is removed 90 days after cancellation, but you can take your data with you using Cliniko’s data export feature.
Ultra secure facilities
Cliniko is hosted in state-of-the-art datacenter facilities. Physical access is controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems, and other electronic means.
We use datacenter facilities that are built in clusters in various global regions. In case of failure, automated processes move customer data traffic away from the affected area and into other sites.
Whenever your data is sent between us, it’s encrypted using HTTPS (end-to-end encryption). We use a 2048-bit SSL certificate for encryption in transit.
All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm.
Accreditations and Certifications
We choose our partners carefully. Our hosting partner has achieved the following accreditations and certifications: PCI DSS Level 1 (Payment Card Industry Data Security Standard), ISO 27001 (Information Security Management System), and FIPS 140-2 (United States Federal Information Processing Standard).
Cliniko is monitored 24 hours a day, 7 days a week, 365 days a year. If something goes wrong, we will be the first to know about it and will have technicians working to fix the problem immediately, no matter when it occurs.
Cliniko data is backed up daily. Backups are redundantly stored in multiple physical locations. Data is also constantly streamed to replica databases for up-to-the-second redundancy.
Your data is stored in Australia
Cliniko stores and processes your data in Australia. It’s also processed in the US, UK and EU by our infrastructure and communication partners, to provide you with the best service possible. We ensure that they meet our high standards of privacy, security and confidentiality.
We offer bug bounties
We offer bounties for new, responsibly disclosed issues. If you’ve found something, please contact us at email@example.com.
What can you do to protect your account?
Enable two-factor authentication
Two-factor authentication adds an extra security step when you log in. In Cliniko, this means that accessing your account will require not only your password, but also a code generated on your smartphone.
Understand user security roles
User security roles help you limit access to confidential information in Cliniko to only those who need to know.
Create a strong password
Use a unique password for your Cliniko account. Longer passwords are generally harder for criminals to break.
Keep your browser updated
An up-to-date browser not only ensures Cliniko is performing at its best, it also means you have the latest protection against online threats.
Restrict third-party access
Cliniko connected apps often require your API key in order to link with your Cliniko account. Only share your API key with parties you trust and be sure to read their terms of service and privacy policies.
Australian Privacy Principles
Because Cliniko is hosted in Australia and processed outside the EU, we have a Data Processing Addendum (DPA) that will cover the use of Cliniko and also include Standard Contractual Clauses. We have also appointed a Data Protection Officer to ensure compliance with GDPR requirements.
For more information on how Cliniko can help you with GDPR compliance, take a look here.