Your patients' data, protected by design
Healthcare demands the highest security standards. Klinivo is built from the ground up with encryption, isolation, and compliance at every layer.
Compliance
Regulation-ready by design
Built for the strictest UK healthcare data regulations — full UK GDPR compliance, registered with the ICO.
UK Data Protection
UK GDPR-compliant processing with DPA support, lawful basis tracking, and granular consent management, registered with the ICO.
Data Protection Act 2018
Compliant with the UK Data Protection Act 2018, with subject access, rectification, erasure, and portability rights for patient data.
End-to-end security
AES-256 encryption at rest and TLS 1.2+ in transit, multi-tenant isolation, and auditable access logging.
Infrastructure
Encryption at every layer
AES-256 at rest
All databases, backups, and file storage encrypted with AES-256. Legal documents stored with immutable Object Lock for 7 years.
TLS 1.2+ in transit
All data transmitted over HTTPS with TLS 1.2 or higher. No unencrypted connections accepted.
AWS infrastructure
Hosted on Amazon Web Services with Aurora PostgreSQL, S3, and Lambda. Multi-region availability and automated backups.
24h audio deletion
Transcription audio files are automatically deleted within 24 hours via S3 lifecycle policies. No long-term audio retention.
Access Controls
Least privilege by default
Role-based access
8 distinct user roles — from Platform Admin to Patient — each with scoped permissions. No user sees more data than their role requires.
Tenant isolation
Per-organization data isolation at the database level with Hibernate filters. No cross-tenant data leakage is architecturally possible.
Audit logging
Every PHI access, modification, and login is tracked with immutable audit trails retained for 7 years.
MFA support
Multi-factor authentication via AWS Cognito with TOTP. JWT tokens expire after 1 hour with automatic session management.
Data Lifecycle
Responsible data handling
7-year retention
Clinical records and legal documents retained for 7 years per healthcare regulations. Automated backup with encryption.
Right to deletion
Patients can request data access, export, rectification, or deletion through the patient portal or API endpoints.
AI data minimization
AI processing uses de-identified data only. Patient names, dates, and PII are removed before any AI model interaction.
Analytics without PHI
Usage analytics and error tracking use PII-scrubbed data. CPF, emails, and phone numbers are automatically redacted.
Third-Party Security
Every vendor is vetted
All third-party services have signed Data Processing Agreements (DPA) or Business Associate Agreements (BAA).
AWS
Hosting, databases, AI, storage
BAA
Anthropic
AI clinical documentation
DPA
Stripe
Payment processing (PCI DSS)
DPA
Twilio
SMS and WhatsApp notifications
BAA
Have security questions?
Our team is ready to discuss compliance requirements, DPAs, and custom security configurations for your organization.
Enterprise-grade security for every practice