Security Architecture & Protocols
How we protect clinic data through local sandboxing, structured cloud encryption, and enterprise-grade row-level security configurations.
1. Multi-Tenant Clinic Isolation
Whether you use local databases or enable sync coordinates, Klinio enforces strict logical separation of all clinic records. When you use our cloud databases, data access is governed by a database-level Row-Level Security (RLS) configuration. This guarantees that your clinic's database rows cannot be accessed, modified, or viewed by other accounts or organizations.
2. Encryption Standards
- In Transit: All communications between the desktop program, web browsers, and synchronization databases use Transport Layer Security (TLS 1.3).
- At Rest: Local workstation database caches and cloud storage archives are encrypted with AES-256.
- API Access: No API keys or authorization credentials are stored in clear text or exposed in client-side routing.
3. Role-Based Access Controls (RBAC)
Administrators can define permissions on a user-by-user basis, preventing unauthorized clinic staff from viewing payment reports, exporting doctor commissions, or deleting historical clinical files. Each action is authorized locally before execution.
4. Audit Logs & Verification
Klinio includes an internal audit logging architecture. Major actions—such as patient exports, database backups, file deletions, or credential modifications—are recorded to a local, tamper-evident log history.
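A common way to make a local log tamper-evident is a hash chain, sketched here as an added example; it is not Klinio's code, and the field names, action labels and sample entries are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first entry chains from
FIELDS = ("seq", "ts", "actor", "action", "target")

def _digest(prev_hash, record):
    # Canonical JSON so the same record always produces the same hash.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append_entry(log, actor, action, target, ts):
    """Append an entry whose hash also covers the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "ts": ts, "actor": actor,
              "action": action, "target": target}
    entry = dict(record, prev=prev_hash, hash=_digest(prev_hash, record))
    log.append(entry)
    return entry

def verify_log(log, expected_head=None):
    """Return (True, None) if intact, else (False, index of first bad entry).

    expected_head is the last hash as recorded outside the log (for example
    on backup media). Without it, a rewritten or truncated tail cannot be
    detected, because a plain hash chain carries no secret.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry[k] for k in FIELDS}
        if entry["seq"] != i or entry["prev"] != prev_hash:
            return False, i  # entry removed, reordered or re-linked
        if not hmac.compare_digest(entry["hash"], _digest(prev_hash, record)):
            return False, i  # entry content edited after it was written
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return False, len(log)  # tail truncated or rewritten
    return True, None

def build_sample_log():
    # Constructed sample entries using the action types this section lists.
    log = []
    append_entry(log, "admin01", "patient_export", "patients.csv", "2024-01-05T09:00:00Z")
    append_entry(log, "admin01", "database_backup", "external-drive", "2024-01-05T18:00:00Z")
    append_entry(log, "reception02", "file_deletion", "scan-0042.png", "2024-01-06T10:15:00Z")
    append_entry(log, "admin01", "credential_modification", "reception02", "2024-01-06T10:20:00Z")
    return log
```

The chain only proves integrity relative to a head hash kept somewhere the log's writer cannot silently change, which is why `verify_log` accepts `expected_head`.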
5. Safe AI Assistant Processing
Klinio AI drafting queries are processed over secure endpoints. Patient names and clinical identification numbers are sanitized or stripped prior to transmission to drafting models. AI prompts and generated drafts are never used to train third-party public models.
6. Clinical Backups & Data Portability
With local-first operations, clinic owners retain full ownership of their data. You can export the entire SQL state, clinical images, and proposal PDFs at any point. Database backups can be scheduled locally to external drives, or synced to our secure cloud backup add-on.
This page details the structural security architecture designed for Klinio. Clinic administrators must review their regional healthcare compliance regulations, local IT firewalls, and specific operational security profiles prior to production deployment.