Trust
Security at Clinelo
End-to-end security across data, infrastructure, and operations. Built for regulated healthcare environments.
Data protection
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Row-level tenancy isolation for PHI.
- Secrets managed via secure vaults with rotation policies.
- Granular data access policies enforced at the service layer.
Application security
- SSO/SAML and SCIM provisioning for enterprise identity.
- Role-based access control (RBAC) and least-privilege defaults.
- Audit logs for administrative and clinical actions.
- Automated dependency scanning and security reviews.
Infrastructure
- Hardened cloud environments with network segmentation.
- Automated backups, point-in-time restore, and disaster recovery.
- 24/7 monitoring and alerting with anomaly detection.
- Environment separation (prod/stage/dev) with change controls.
Operational practices
- Background checks and security training for personnel.
- BAAs with covered entities and subprocessors.
- Incident response runbooks and regular tabletop exercises.
- Vulnerability management and coordinated disclosure.
Questions or security reports?
Reach our security team at security@clinelo.com. We respond promptly to responsible disclosures.