Security & Data Protection

Your patients' data stays yours

Clyno is hosted in India on Microsoft Azure, encrypted end to end, and built around the principles of India's DPDP Act — with role-based access, audit logging and per-clinic isolation as the default, not an upsell.

Hosted in India 256-bit encryption DPDP-aligned Role-based access
How we protect data

Security that's on by default

Every clinic gets the same protections — there is no 'security tier'.

Hosted in India

Data lives in Microsoft Azure's India regions. Clinical data does not leave the country in normal operation.

Encrypted in transit & at rest

256-bit TLS on the wire and encryption at rest. Keys and secrets sit in a managed key vault — never in code.

Role-based access control

Six roles, each scoped to exactly what it needs. Access is enforced on the server, not just hidden in the UI.

Audit logging

Sensitive actions are recorded, so a clinic can see who did what and when.

Per-clinic isolation

Every clinic is a separate tenant. One clinic can never read another's patient records.

Backups & recovery

Automated backups with point-in-time recovery, so a mistake or outage doesn't mean lost records.

Managed secrets

Credentials and API keys are stored in Azure Key Vault and rotated — not shipped in the app.

No PHI on public screens

The waiting-room 'Now Serving' board shows tokens, not patient names — privacy by design.

Least-privilege network

Production data stores are network-restricted; access is locked down to what the platform actually needs.

India's DPDP Act

Built around the DPDP Act, 2023

India's Digital Personal Data Protection Act sets the rules for handling personal data. Clyno is designed around its core principles.

Purpose limitation — data captured for care is used for care
Data minimisation — we collect what a consultation needs, not more
Consent for patient communications (e.g. WhatsApp follow-ups)
A patient's right to access and correction of their record
Retention and erasure handled on request

Our honesty policy on certifications

We publish the security practices we actually run — not compliance badges we haven't earned. Clyno does not currently claim a formal HIPAA or ISO 27001 certification. As we scale, formal certification is on our roadmap, and we'll say so here the day it's real. Until then, what you read on this page is what the platform does today.

Frequently asked questions

In India, on Microsoft Azure's India data-centre regions. Your clinic's clinical data does not leave the country in normal operation.

Security you can put in front of a patient

See exactly how Clyno handles clinical data — book a walkthrough with our team.

Related: EMR · ABDM & ABHA