Cliniqa360 logo
Back to home

Data Security Policy

Last updated: April 6, 2026

Cliniqa360 is committed to protecting clinic and patient information. This policy explains how we secure your data when you use our platform for patient management, prescriptions, appointments, POS, inventory, reports, loyalty, SMS, and related operations.

1. What Data We Protect

Cliniqa360 may process clinic account and staff information, patient profile, prescription, and appointment information, transaction and operational records (POS, inventory, suppliers, reports), and security or audit records needed to protect the platform.

We process data to deliver the service, maintain security, and support legitimate clinic operations.

2. How We Protect Your Data

We apply layered safeguards to protect data across our platform and operations.

No system can guarantee zero risk, but we continuously improve controls and respond quickly to potential threats.

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest through our cloud infrastructure providers
  • Role-based access controls to limit who can view or modify data
  • Secure session handling and authenticated access controls
  • Monitoring and logging of key security and administrative activities

3. Access Control and Privacy by Design

  • Access is limited based on user role and clinic context
  • Users should only access the data needed for their responsibilities
  • Sensitive records are protected with stricter access rules
  • Administrative access is restricted and reviewed

4. Infrastructure and Service Providers

Cliniqa360 uses trusted cloud and communication providers to operate core services, including hosting, authentication, database, storage, and SMS delivery.

Where third-party providers are used, we share only the minimum data needed for the service, select providers with security and reliability in mind, and review provider access as part of our security process.

5. Backups and Availability

To support continuity and recovery, we maintain backup capabilities for supported plans and features.

  • Access to backup and restore functions is restricted
  • Restoration actions are controlled and logged

6. Security Monitoring and Incident Response

We maintain security monitoring and event logging to detect suspicious activity.

If a security incident affects your data, we will investigate, contain, remediate, and notify affected parties as required by law and contractual obligations.

7. Data Retention and Deletion

We retain data only as long as needed for service delivery, legal obligations, and legitimate operational purposes.

When services are terminated, customers are given a data export window based on applicable terms, and data is securely deleted according to our retention and deletion practices.

8. Customer Responsibilities

Security is a shared responsibility. Customers are expected to:

  • Assign user roles carefully and review staff access regularly
  • Keep account contact channels secure (email/phone used for authentication)
  • Use strong internal security practices in clinic operations
  • Obtain required patient consent for data entry and communications
  • Notify us promptly if unauthorized access is suspected

9. Compliance

Cliniqa360 aligns its data handling practices with applicable privacy and data protection requirements, including the Philippine Data Privacy Act of 2012 (RA 10173), and other obligations that may apply to customer operations.

10. Policy Updates

We may update this policy to reflect product, legal, or security changes. The latest version will always be published in our official documentation.

11. Contact

For security or privacy concerns, contact: hello@cliniqa360.com