Security.

Clinic Commerce takes user data security seriously and we have numerous technical and operational measures in place to ensure that your data remains safe. We’re committed to being transparent about our security practices and helping customers understand our approach.

 

Personnel Security

Clinic Commerce’s security practices apply to all members of staff, independent contractors, and anyone with direct access to our internal systems. Before gaining initial access to systems all employees must agree to confidentiality terms and pass a background screening.

Upon termination of employment at Clinic Commerce, all access is removed immediately.

Application Security

In order to secure Clinic Commerce’s applications, a secure development life cycle and release management process is used in the delivery mechanism for new products as well as updates to existing products. Advanced application security testing is performed to ensure released code is secure and adhering to defined development standards.

Physical Security

Clinic Commerce infrastructure is hosted on WP Engine (WP). The WP data centers are equipped with multiple levels of physical access barriers.

No Clinic Commerce employee has physical access to any WP data centers, servers, networking equipment, or storage

Product Security Features

Clinic Commerce’s foundational cornerstones for delivering customer services focus on strong security, availability and resiliency. Within the application’s themselves, strong authentication models are utilized and made available for clients to protect their data. CCI views data protection as the highest priority leveraging modern day safeguards for both data at rest and in transit. CCI employs advanced encryption technologies and strong key management which provide extensive protections for sensitive data using encryption tied to access control for in-flight and at-rest data protection.

Authorization/Authentication

Clinic Commerce adheres to the principle of least privilege – employees are given access only to the data that they must handle in order to fulfill their current job responsibilities. Employees are granted access to a small number of internal systems, but any requests for additional access must be approved by the system owner.

Where possible, Clinic Commerce employs multi-factor authentication for administrative access to systems containing any sensitive data.

Third Party Service Providers

Clinic Commerce uses third party providers for some aspects of our operations. Where those organizations may impact the security of our production environment or customer data, we take appropriate steps to ensure that Clinic Commerce’s security posture is maintained.

Privacy Policy

Learn more about privacy here.