🛡 Patient data is the bar

Designed for the most sensitive data on the planet.

ClaraMed handles names, diagnoses, prescriptions, and conditions of real people. We built our security model assuming we are an adversary's first target — because we are.

End-to-end encryption

Every byte of patient PII (name, DOB, phone, address, conditions, prescriptions) is encrypted at rest using pgcrypto AES-256. In transit, TLS 1.3 is enforced everywhere.

  • AES-256 at rest, AWS KMS-managed keys
  • TLS 1.3 minimum, HSTS preloaded
  • Database-level row encryption for clinical fields

Tenant isolation

Every clinic gets a strictly isolated tenant. Row-level security in Postgres means a query from Clinic A literally cannot return data from Clinic B — even if the application logic has a bug.

  • Postgres RLS enforced at the database layer
  • JWT contains clinic_id; every query filtered
  • Quarterly external penetration testing
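One way to enforce the isolation described above, as an added example that is not ClaraMed's schema or code: a Postgres row-level security policy keyed on a per-transaction setting that the API derives from the verified JWT's clinic_id claim. The table, role and setting names (patients, app_user, app.clinic_id), the placeholder key and the sample UUID are assumptions.

```sql
-- Added example (not ClaraMed's code). Names and values are assumptions.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patients (
    id        bigserial PRIMARY KEY,
    clinic_id uuid  NOT NULL,
    name_enc  bytea NOT NULL   -- pgcrypto-encrypted clinical field
);

-- The API connects as a role that does NOT own the table: owners, superusers
-- and BYPASSRLS roles are not bound by policies, so this role must hold none.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON patients TO app_user;

ALTER TABLE patients ENABLE ROW LEVEL SECURITY;
ALTER TABLE patients FORCE ROW LEVEL SECURITY;   -- binds the owner as well

-- current_setting(..., true) returns NULL when the setting is absent, so a
-- request that forgot to set the clinic matches NO rows rather than all rows.
CREATE POLICY clinic_isolation ON patients
    FOR ALL TO app_user
    USING      (clinic_id = current_setting('app.clinic_id', true)::uuid)
    WITH CHECK (clinic_id = current_setting('app.clinic_id', true)::uuid);

-- Per-request pattern: the setting lives only inside this transaction.
BEGIN;
SET LOCAL app.clinic_id = '11111111-1111-1111-1111-111111111111';  -- constructed

-- Whatever WHERE clause the application sends, only this clinic's rows exist.
SELECT id FROM patients;

-- Writes are constrained too: a row for another clinic_id fails WITH CHECK.
INSERT INTO patients (clinic_id, name_enc)
VALUES (current_setting('app.clinic_id', true)::uuid,
        pgp_sym_encrypt('Jane Doe', '<key-from-kms-placeholder>',
                        'cipher-algo=aes256'));
COMMIT;
```

Policies do not apply to superusers or the database owner, so the DB credentials used by the application must be a plain unprivileged role for the "even if the application logic has a bug" guarantee to hold.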

Audit log, everywhere

Every patient data access — read, write, export, delete — is recorded with actor, timestamp, IP, and reason. Audit logs are append-only and cannot be modified, even by us.

  • WORM-style audit storage (write once, read many)
  • Owner-visible audit timeline per patient
  • Superadmin actions specifically separated
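An added example, not ClaraMed's code, of making an audit table append-only inside Postgres with two independent layers (privileges and a trigger). Table, role and column names are assumptions.

```sql
-- Added example (not ClaraMed's code). Names are assumptions.
CREATE TABLE patient_access_audit (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    actor       text        NOT NULL,
    patient_id  bigint      NOT NULL,
    action      text        NOT NULL
                CHECK (action IN ('read', 'write', 'export', 'delete')),
    source_ip   inet,
    reason      text        NOT NULL
);

-- Layer 1: privileges. The application role can append and read, nothing else.
REVOKE ALL ON patient_access_audit FROM PUBLIC;
GRANT INSERT, SELECT ON patient_access_audit TO app_user;

-- Layer 2: a trigger that refuses modification even for roles that do hold
-- UPDATE/DELETE (a migration role, for instance), so a stray GRANT cannot
-- silently make the log editable.
CREATE OR REPLACE FUNCTION audit_is_append_only() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit rows are immutable (% on %)', TG_OP, TG_TABLE_NAME;
END;
$$;

CREATE TRIGGER audit_no_update_delete
    BEFORE UPDATE OR DELETE OR TRUNCATE ON patient_access_audit
    FOR EACH STATEMENT EXECUTE FUNCTION audit_is_append_only();
```

A table owner can still drop the trigger, which is why the page's WORM storage outside the database is the layer that makes the log immutable "even by us".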

Least-privilege access

Receptionists see schedules but not clinical notes. Doctors see only their clinic. Even ClaraMed staff need a documented support ticket to access any clinic's data.

  • Role-based access control (RBAC), 4 roles
  • Transparent impersonation banner for support
  • 30-min auto-expiry on support sessions

Backups & recovery

Hourly snapshots, 30-day point-in-time recovery, geo-redundant storage across two regions. If a disk dies, you don't notice. If a region dies, you notice for <15 minutes.

  • RPO 1 hour, RTO 15 minutes
  • Quarterly recovery drill, results published
  • Encrypted off-region backup vault

Your data, your rules

Export everything to CSV anytime. Request deletion and we'll wipe it (with a 30-day grace period). We will never sell, share, or train AI on your patient data.

  • One-click CSV export of all clinic data
  • GDPR-style right-to-deletion endpoint
  • No data shared with third parties, ever

Compliance

Aligned with the standards that matter in our markets.

  • DRAP-aligned · Pakistan health data guidelines
  • Nabidh-ready · UAE Dubai Health Authority
  • SOC 2 Type II · In progress, attestation Q4 2026
  • GDPR-compatible · For EU data subjects
  • ISO 27001 · Targeting Q2 2027
  • HIPAA · v1 explicitly out of scope (US not targeted)

Architecture

The shape of the system, without the sales pitch.

stack.txt
Edge      · Cloudflare WAF + DDoS
Web       · Next.js 15 on Railway / Vercel
Mobile    · Flutter for iOS & Android (single codebase)
API       · FastAPI (Python 3.12), auto-generated OpenAPI
DB        · PostgreSQL 16, pgcrypto, row-level security
Queue     · Redis + Celery (reminders, summaries, exports)
Storage   · S3-compatible, encrypted, signed URLs only
Observ.   · Sentry + Datadog + pgSentry (built in-house)

p95 latency

< 300ms API response

Measured at the application layer, excluding TLS handshake. Database p99 < 80ms.

uptime

99.95% SLA

~22 minutes of permitted downtime per month. Public status page at status.claramed.com.

data residency

Region-pinned per clinic

PK data in Singapore region. UAE data in UAE region for Nabidh. EU optional.

Our principles

How we make decisions about your data.

01 — Minimum

We collect the minimum data necessary to deliver the product.

No analytics SDK with PII. No third-party trackers. No advertising pixels. The only data we collect is what's required for the clinic to function and for us to bill you.

02 — Yours

Your data is yours. Forever.

One-click export to CSV / JSON. Cancel and we keep your data for 90 days (so you can reactivate or migrate), then delete permanently. We never aggregate or anonymise it for resale.

03 — No AI training

We do not train AI models on patient data.

No exceptions. If we add AI features (e.g. voice-to-text), it runs on de-identified data with explicit opt-in, and the model never persists your data outside of the request.

04 — Transparent

If we access your data, you see it.

Our support team can impersonate a clinic admin for debugging, but only with documented approval. A yellow banner is visible the entire session. Every keystroke is audit-logged.

05 — Honest

If something goes wrong, we tell you fast.

Security incidents are disclosed within 72 hours, even if no data was exfiltrated. Status page shows real incident detail, not corporate haiku.

Found a vulnerability? We'll pay you for it.

Our bug bounty program runs on HackerOne. Eligible reports get a thank-you, a bounty up to $5,000, and a public credit (with your permission). Critical issues get a same-day response.

PGP fingerprint: 4D9F C2A1 88E3 7F0B 5C2A · 6D7B 9A2E 1F8C 88E3 7F0B

Trust, but verify.

Try ClaraMed free for 14 days. Read our public security policy. Talk to our DPO before you sign anything.