Trust center

Security & compliance

How Clinit protects patient data: httpOnly cookies, CSP, Redis rate limits, automatic audit logging, PDPL export, and alignment with HIPAA, GDPR, SOC 2, and PCI DSS frameworks.

Encryption: AES-256
Tenant isolation: JWT
Audit: auto-logged
BAA: available

HIPAA-aligned controls

PHI access controls, audit trails, and BAA available for US-facing clinics.

PDPL & GDPR

Data export, erasure workflows, and consent capture for MENA and EU patients.

PCI DSS payments

Hosted checkout minimizes the card data that touches clinic servers; payment webhooks are processed idempotently.

SOC 2 Type II path

Security controls are documented; enterprise clients can request audit summaries under NDA.

Automatic audit log

Every mutating API route writes to the tenant's audit trail, which is exportable for quarterly GAHAR reporting.

Data residency

Self-hosted in the DigitalOcean Cairo region via Coolify; your data stays in your own deployment.