Security
Last updated: 2026-06-25
UseClinicConnect is built for clinics that handle sensitive patient and pharmacy data. This page summarizes the technical and organizational measures we use to protect your workspace. For contractual details, see our Terms of Service and Privacy Policy.
1) Daily backups
- Production databases are backed up on a daily schedule with encrypted storage.
- Backups are retained on a rolling basis so we can recover from accidental deletion or corruption.
- Backup access is restricted to authorized personnel on a need-to-know basis.
- We periodically test restore procedures to validate recovery readiness.
2) HTTPS
- All traffic to UseClinicConnect is served over HTTPS (TLS) in production.
- Certificates are renewed automatically; HTTP requests are redirected to HTTPS.
- We use industry-standard encryption in transit between your browser and our servers.
- Network and DNS protection (e.g., Cloudflare) adds an extra layer against common web threats.
3) Role-based permissions
- Each user is assigned a role (e.g., admin, doctor, reception, pharmacy) with least-privilege access.
- Menu and feature access is controlled per role so staff only see what they need for their job.
- Clinic administrators manage user accounts and can deactivate access when someone leaves.
- We recommend unique logins for every staff member—shared credentials weaken accountability.
4) Audit logs
- Key actions within the application are recorded in audit trails to support accountability.
- Login events are tracked to help detect unusual access patterns.
- Audit data is retained for a defined period and purged on a rolling schedule where appropriate.
- Clinic admins can review activity relevant to their workspace; contact us if you need export assistance.
5) Disaster recovery
- We maintain a disaster recovery plan covering infrastructure failure, data loss, and service outages.
- Critical systems are hosted on redundant cloud infrastructure with monitored uptime.
- In the event of an incident, we prioritize restoring service and communicating status to affected customers.
- Recovery time objectives depend on the nature of the incident; we target restoration within hours for major outages.
6) Data ownership
- Your clinic owns the data you enter into the workspace—patients, prescriptions, pharmacy records, and related documents.
- We process that data only to provide and improve the service, as described in our Privacy Policy.
- On request or at the end of your subscription, we can help with data export in a standard format.
- For self-hosted / full-ownership deployments, data remains entirely on your infrastructure under your control.
Questions about security? Email support@useclinicconnect.com.