Security

Last updated: January 27, 2026

At Digital Clinic, we take the security of your data seriously. This page describes the measures we have in place to protect your information.


Infrastructure

Where Your Data Lives

Our primary infrastructure is hosted in the European Union (Germany). We use trusted cloud providers with strong security track records:

  • Application hosting — Render (EU)

  • File storage — Amazon Web Services S3 (Germany)

  • Database — Encrypted and backed up regularly

Encryption

  • In transit — All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)

  • At rest — All personal data is encrypted in our databases using application-level encryption

  • Backups — Database backups are encrypted


Authentication & Access

For Users

  • Strong passwords — Minimum 8 characters, checked against known breach databases

  • Two-factor authentication (2FA) — TOTP support for authenticator apps (Google Authenticator, Microsoft Authenticator, etc.)

  • Recovery codes — Backup codes in case you lose access to your 2FA device

  • Session management — Sessions expire after inactivity and can be revoked

Account Protection

  • Rate limiting — Protection against brute-force login attempts

  • Account lockout — Automatic lockout after multiple failed login attempts

  • Session security — Secure, HttpOnly cookies with session fixation protection

For Administrators

  • Role-based access control — Users can only access what they need

  • Audit logging — We track access to sensitive data

  • MFA visibility — Admins can see which team members have enabled 2FA


Application Security

Secure Development

  • Security reviews — Regular code reviews with a security focus

  • Static analysis — Automated scanning for common vulnerabilities

  • Dependency monitoring — Automated alerts for vulnerable dependencies

  • OWASP Top 10 — We design and test against common web vulnerabilities

Web Security

  • Content Security Policy (CSP) — Protection against XSS attacks

  • CSRF protection — All forms protected against cross-site request forgery

  • Input validation — Strict validation and sanitization of all user input

  • SQL injection prevention — Parameterized queries throughout


Data Protection

Access Controls

  • Role-based permissions — Veterinarians, specialists, nurses, and pet owners each have appropriate access levels

  • Case-based access — Medical case data is only visible to authorized participants

  • Audit trails — We log who accessed what and when

Third-Party Services

We carefully vet all third-party services and require data processing agreements. Our subprocessors are listed in our Privacy Policy. Key points:

  • Most infrastructure is in the EU

  • US-based services have Standard Contractual Clauses in place

  • We minimize data shared with third parties


Compliance

GDPR

We comply with the General Data Protection Regulation (GDPR):

  • Data minimization — we only collect what we need

  • Encryption of personal data at rest and in transit

  • Role-based access controls

  • Data subject rights — access, correction, deletion, portability

  • Data Processing Agreements with all processors

  • Appointed Data Protection Officer

Data Retention

We retain data only as long as necessary. See our Privacy Policy for specific retention periods.


Incident Response

If Something Goes Wrong

We have procedures in place for security incidents:

  • Immediate investigation and containment

  • Notification to affected users as required by law

  • Root cause analysis and remediation

  • Post-incident review to prevent recurrence

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

Email: team@digitalclinic.vet

Please include:

  • Description of the vulnerability

  • Steps to reproduce

  • Potential impact

We appreciate responsible disclosure and will acknowledge your report promptly. Please don't publicly disclose vulnerabilities until we've had a chance to address them.


Questions?

If you have questions about our security practices:

Clean Wake AB • Sprängarvägen 27 • 184 70 Åkersberga • Sweden • Email: team@digitalclinic.vet • Phone: +46 73 089 2038

Data Protection Officer • Hannes Schippmann • Email: hannes@digitalclinic.vet • Phone: +46 73 510 62 05
