Data Security

Patient data is among the most sensitive information that exists. Here is how we protect it.

Six layers of protection

Security is built into every layer of D. Clinic — not bolted on afterwards.

Encryption in transit & at rest

All data exchanged between your browser and our servers is encrypted using TLS 1.2+. Data stored on our servers — including patient records, prescriptions and billing — is encrypted at rest using AES-256.

Role-based access control

Every user in D. Clinic has a role — super admin, admin, doctor or staff. Each role sees only what it needs to. A receptionist cannot view prescriptions; a doctor cannot access billing settings. You control who has what access.

Automatic encrypted backups

Your clinic data is backed up automatically on a daily basis. Backups are encrypted and stored in geographically separate locations, so your data can be recovered quickly in the event of any incident.

Access logging & monitoring

All login attempts and significant data access events are logged. We continuously monitor for unusual activity patterns and will alert you if we detect anything suspicious on your account.

Secure authentication

Passwords are hashed using industry-standard algorithms and never stored in plain text. Session tokens are rotated on each login and expire automatically. We recommend using strong passwords for all staff accounts.

Multi-tenant isolation

D. Clinic is a multi-tenant platform. Each clinic's data is logically isolated — one clinic can never access another clinic's patient records, appointments or billing information.

Our security practices

Infrastructure

  • Hosted on reputable cloud infrastructure with a 99.9% uptime SLA.
  • Servers are located in secure, access-controlled data centres.
  • Infrastructure is kept patched and updated on a regular schedule.
  • Network-level firewalls restrict access to production systems.

Application security

  • Input validation and output encoding to prevent injection attacks.
  • CSRF protection on all authenticated endpoints.
  • Secure HTTP headers (HSTS, CSP, X-Frame-Options) enforced.
  • Dependencies are monitored and updated for known vulnerabilities.

Incident response

  • We maintain an incident response plan to handle security events quickly.
  • In the event of a breach affecting your data, we will notify you promptly.
  • Post-incident reviews are conducted to prevent recurrence.
  • Contact dclinic@dworklabs.com to report a suspected vulnerability.

Your role in keeping data safe

Security is a shared responsibility. Here is what we ask of you and your team:

  • Use strong, unique passwords for every staff account.
  • Do not share login credentials between staff members.
  • Log out of D. Clinic on shared or public devices.
  • Grant staff the minimum access level they need to do their job.
  • Notify us immediately if you suspect any account has been compromised.
  • Keep the device software and browsers you use to access D. Clinic up to date.

Have a security concern?

If you believe you have found a security vulnerability or have concerns about how your data is handled, please contact us directly. We take all reports seriously.
