Security at Klinyca

How we protect your clinic's data.

Encryption

All traffic is served over HTTPS (TLS 1.2+). Database backups are encrypted at rest.

Access control

  • Per-user accounts with role-based permissions.
  • Passwords hashed with bcrypt — never stored in plaintext.
  • Session tokens regenerated on login to prevent fixation attacks.

Tenancy isolation

Every record is tagged with a clinic_id. Every query filters by it. Code review is required for any change that touches data access.

Audit trail

Every insert, update, and delete on patient-facing tables is recorded automatically with a JSON snapshot of the row before and after the change. The audit trail is visible to clinic admins.

Backups

Encrypted daily backups, retained for 30 days. Disaster recovery tested quarterly.

Reporting a vulnerability

Found a security issue? Email [email protected]. We aim to acknowledge within one business day.