Security
At Clarirad, security is not just a feature—it's the foundation of everything we build. We understand that healthcare providers trust us with sensitive patient data, and we take that responsibility seriously.
Last updated: January 2026
Encryption at Rest
All data stored in our systems is encrypted using AES-256 encryption, the same standard used by financial institutions and government agencies.
Encryption in Transit
All data transmitted between your devices and our servers is encrypted using TLS 1.3, ensuring secure communication at all times.
Key Management
Encryption keys are managed through secure, audited key management systems with automatic rotation and strict access controls.
Infrastructure Security
Our infrastructure is hosted in SOC 2 Type II certified data centers with physical security, redundant power, and 24/7 monitoring.
Network Security
Multiple layers of network security including firewalls, intrusion detection, DDoS protection, and network segmentation protect against threats.
Multi-Factor Authentication (MFA)
MFA is available for all users and required for administrative access, adding an extra layer of protection against unauthorized access.
Role-Based Access Control
Granular role-based permissions ensure users only access the data and features necessary for their job function.
Audit Logging and Monitoring
Comprehensive audit logs track all system access and changes. Real-time monitoring alerts our security team to suspicious activity.
Session Management
Secure session handling with automatic timeouts, device tracking, and the ability to remotely terminate sessions from any device.
Threat Detection and Response
Advanced threat detection systems continuously monitor for suspicious patterns, with automated response capabilities and 24/7 security team coverage.
Compliance and Certifications
Our security practices align with healthcare compliance requirements, including the Australian Privacy Principles and the New Zealand Privacy Act.
Data Backup and Recovery
Automated backups with point-in-time recovery, geographic redundancy, and regular disaster recovery testing ensure data availability.
Data Residency Controls
Data residency options allow you to choose where your data is stored, ensuring compliance with local data sovereignty requirements.
Secure Data Deletion
When data is deleted, secure deletion procedures ensure complete removal from all systems, including backups, with certification available.
Incident Response
Documented incident response procedures ensure rapid detection, containment, and recovery from security events with transparent communication.
Security Reporting
If you discover a security vulnerability, please report it responsibly to our security team at [email protected]. We appreciate responsible disclosure and will work with you to address any issues.