Security

Last updated: April 23, 2026

At The Digital Clinic, we take the security of your data seriously. This page describes the measures we have in place to protect your information.


Infrastructure

Where Your Data Lives

Our primary infrastructure is hosted in the European Union (Germany). We use trusted cloud providers with strong security track records:

  • Application hosting — Render (EU)
  • File storage — Amazon Web Services S3 (Germany)
  • Database — Encrypted and backed up regularly

Encryption

  • In transit — All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • At rest — All personal data is encrypted in our databases using application-level encryption
  • Backups — Database backups are encrypted

Authentication & Access

For Users

  • Strong passwords — Minimum 8 characters, checked against known breach databases
  • Two-factor authentication (2FA) — TOTP support for authenticator apps (Google Authenticator, Microsoft Authenticator, etc.)
  • Recovery codes — Backup codes in case you lose access to your 2FA device
  • Session management — Sessions expire after inactivity and can be revoked

Account Protection

  • Rate limiting — Protection against brute-force login attempts
  • Account lockout — Automatic lockout after multiple failed login attempts
  • Session security — Secure, HttpOnly cookies with session fixation protection

For Administrators

  • Role-based access control — Users can only access what they need
  • MFA visibility — Admins can see which team members have enabled 2FA

Application Security

Secure Development

  • Security reviews — Regular code reviews with security focus
  • Static analysis — Automated scanning for common vulnerabilities
  • Dependency monitoring — Automated alerts for vulnerable dependencies
  • OWASP Top 10 — We design and test against common web vulnerabilities

Web Security

  • Content Security Policy (CSP) — Protection against XSS attacks
  • CSRF protection — All forms protected against cross-site request forgery
  • Input validation — Strict validation and sanitization of all user input
  • SQL injection prevention — Parameterized queries throughout

AI Security

The Digital Clinic uses AI models hosted by external providers (see our Sub-processors page). We host no models ourselves. The following technical controls apply to AI processing:

No Outbound Tools

Agents running on customer content have no ability to browse the web, call arbitrary URLs, or exfiltrate data outside our backend. The internal tool registry exposes only three operations: creating documents, managing agent definitions, and searching our own knowledge base. There is no HTTP-fetch or code-execution tool.

System / User Role Separation

Prompts are built server-side. User content is passed through the provider's message-role API (as user/tool messages), not concatenated into system instructions. This limits the effect of prompt-injection attempts that try to override our instructions with content pasted into a case.

Scoped Context

Each AI call includes only the data from the medical case being processed, filtered through the same authorization model used throughout the application. Cross-case or cross-tenant context leakage is prevented at the query layer.

Code-Enforced Provider Allowlist

Each organization's configured AI providers (Mistral, OpenAI, Anthropic) are enforced in code before any AI request leaves the application. The same gate refuses rolling "-latest" model aliases for organizations that require pinned, deployment-controlled model versions. Denials are logged and surface as errors — never silent bypasses.

Graceful OCR Fallback

When an organization's allowlist excludes Mistral (our OCR provider), document OCR falls back to local text extraction inside our own application. No document bytes are sent to any external provider in this case.
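The provider gate and the OCR fallback it drives, shown together as an added illustration (this is not The Digital Clinic's code; the policy dataclass, function names, and the placeholder OCR model id are assumptions):

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("ai_gate")


class ProviderDenied(Exception):
    """Raised when a request must not leave the application."""


@dataclass(frozen=True)
class OrgAIPolicy:
    """Per-organization AI configuration set at onboarding (assumed shape)."""
    org_id: str
    allowed_providers: frozenset          # e.g. frozenset({"mistral"})
    require_pinned_models: bool = False   # refuse rolling "-latest" aliases


# Placeholder model id for the OCR call; the real pinned id is deployment config.
OCR_PROVIDER = "mistral"
OCR_MODEL = "ocr-model-pinned-placeholder"


def is_rolling_alias(model: str) -> bool:
    """A rolling alias resolves to whatever the provider currently serves."""
    return model.lower().endswith("-latest")


def evaluate_request(policy: OrgAIPolicy, provider: str, model: str) -> tuple:
    """Return (allowed, reason); pure decision logic so it can be unit-tested."""
    if provider not in policy.allowed_providers:
        return False, "provider_not_allowed"
    if policy.require_pinned_models and is_rolling_alias(model):
        return False, "rolling_alias_requires_pinned_model"
    return True, "ok"


def check_ai_request(policy: OrgAIPolicy, provider: str, model: str) -> None:
    """Gate every outbound AI call: log the denial and raise, never reroute."""
    allowed, reason = evaluate_request(policy, provider, model)
    if not allowed:
        log.warning("ai_gate_denied org=%s provider=%s model=%s reason=%s",
                    policy.org_id, provider, model, reason)
        raise ProviderDenied(f"{provider}/{model} denied for {policy.org_id}: {reason}")


def choose_ocr_backend(policy: OrgAIPolicy) -> str:
    """'mistral' when the allowlist permits it, otherwise 'local' extraction."""
    try:
        check_ai_request(policy, OCR_PROVIDER, OCR_MODEL)
    except ProviderDenied:
        return "local"   # document bytes stay inside the application
    return "mistral"
```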

Platform-Level Embeddings (Not Gated)

Knowledge-base search uses OpenAI embeddings and is a platform-level sub-processor — it is not covered by the per-organization provider allowlist because vector embeddings are stored in shared database columns with fixed dimensions. Organizations that cannot use OpenAI for embeddings have knowledge-base features disabled at onboarding rather than silently routed elsewhere. This is documented on our Sub-processors page.

Provider Non-Training Contracts

We transmit customer data only to AI providers whose DPAs contractually commit to not training models on our API traffic.

Usage Logging

We track AI usage per operation (provider, model, token counts, timestamp) for audit and cost attribution. The submitted content and returned response are not written to logs.

Customer-Selectable Provider

Organizations requiring EU-only AI processing can be configured to use Mistral AI (France) exclusively. This is a per-organization configuration option at onboarding, enforced by the code-level gate described above.


Data Protection

Access Controls

  • Role-based permissions — Veterinarians, specialists, nurses, and pet owners each have appropriate access levels
  • Case-based access — Medical case data is only visible to authorized participants
  • Authentication event logging — User authentication events (sign-in, password change, email verification, 2FA enrolment) are recorded per user in a queryable audit table. Administrative actions by Clean Wake staff are recorded in application logs.

Third-Party Services

We carefully vet all third-party services and require data processing agreements. See our Sub-processors page for the current list. Key points:

  • Most infrastructure is in the EU
  • US-based services have Standard Contractual Clauses in place
  • We minimize data shared with third parties

Compliance

GDPR

We comply with the General Data Protection Regulation (GDPR):

  • Data minimization — we only collect what we need
  • Encryption of personal data at rest and in transit
  • Role-based access controls
  • Data subject rights — access, correction, deletion, portability
  • Data Processing Agreements with all processors

Data Retention

We retain data only as long as necessary. See our Privacy Policy for specific retention periods.


Incident Response

If Something Goes Wrong

We have procedures in place for security incidents:

  • Immediate investigation and containment
  • Notification to affected users as required by law
  • Root cause analysis and remediation
  • Post-incident review to prevent recurrence

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

Email: team@digitalclinic.vet

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact

We appreciate responsible disclosure and will acknowledge your report promptly. Please don't publicly disclose vulnerabilities until we've had a chance to address them.


Questions?

If you have questions about our security practices:

Clean Wake AB • Sprängarvägen 27 • 184 70 Åkersberga • Sweden • Email: team@digitalclinic.vet

Privacy Contact • Hannes Schippmann • Email: privacy@digitalclinic.vet
