ClinIQ · Compliance
Trust & Security

How ClinIQ protects clinician, employer, and agency data.

ClinIQ is the workforce intelligence layer for healthcare. Every license record, every contact detail, every outbound message is held to financial-services-grade controls — by default.

At-a-glance controls

A summary your compliance team can scan in 60 seconds.

Control | Status | How it works
Tenant isolation | Active | Row-Level Security on every customer table; queries scoped by company_id and authenticated session.
Encryption at rest | Active | AES-256 across the primary database and backups.
Encryption in transit | Active | TLS 1.2+ for all client, API, and webhook traffic.
Field-level PII encryption | Active | Clinician contact details and license payloads encrypted with pgcrypto + KMS-held key.
Role-based access control | Active | Least-privilege roles: owner, admin, member, viewer — stored in a dedicated user_roles table.
Immutable audit log | Active | Every unlock, export, message, role change, and template edit recorded with actor, IP, and timestamp.
Webhook security | Active | HMAC signature verification, replay-window enforcement, and per-source rate limits on inbound apply / unsubscribe webhooks.
Multi-factor authentication | Available | TOTP enrollment per user; workspace admins can enforce MFA tenant-wide.
AI prompt PII redaction | Active | Clinician PII (license numbers, contact info, DOB) redacted before any LLM call.
Daily backups + PITR | Active | Point-in-time recovery up to 7 days; daily snapshots retained per provider policy.
SOC 2 Type 2 (infrastructure) | Active | Underlying infrastructure (AWS, via our managed backend) is SOC 2 Type 2 certified.
SOC 2 Type 2 (ClinIQ) | On roadmap | ClinIQ's own SOC 2 Type 2 audit is on the roadmap; attestation timeline available under NDA.
HIPAA-aware posture | Active | ClinIQ stores license and contact data — not PHI. BAA available on request for workflows that require it.
TCPA-aligned messaging | Active | Consent capture, signed unsubscribe tokens, and a workspace-level suppression list applied before every send.
CAN-SPAM compliant outbound | Active | Physical address, sender identification, and one-click unsubscribe enforced on every outbound message.
CCPA / CPRA aware | Active | Consumer rights workflow for access and deletion requests.
PCI scope minimized | Active | No cardholder PANs stored; billing handled by tokenized processors.

Data protection

All data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Sensitive fields — clinician contact info, license registry payloads, and message bodies — are additionally encrypted at the column level using pgcrypto with a KMS-held key.

Field-level keys can be rotated without downtime; backups inherit the same encryption.
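The column-level pattern described above, as an added illustration rather than ClinIQ's own schema or code: the application fetches the data key from KMS, hands it to Postgres for the current transaction only, and pgcrypto performs the encryption. The table name, the app.* setting names, the key_version column and the batch-rotation step are assumptions.

```sql
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Hypothetical table: the plaintext email never exists as a column.
CREATE TABLE clinician_contacts (
  clinician_id uuid  PRIMARY KEY,
  email_enc    bytea NOT NULL,
  key_version  int   NOT NULL DEFAULT 1   -- which KMS data key wrapped this row
);

-- Per transaction, the application sets the key it just fetched from KMS.
-- SET LOCAL dies with the transaction, so the key is never persisted in the database.
BEGIN;
SET LOCAL app.field_key = '<data key fetched from KMS>';   -- placeholder value

INSERT INTO clinician_contacts (clinician_id, email_enc)
VALUES (gen_random_uuid(),
        pgp_sym_encrypt('alice@example.com',             -- constructed sample value
                        current_setting('app.field_key'),
                        'cipher-algo=aes256'));

-- Reads decrypt on the fly with the same transaction-scoped key.
SELECT clinician_id,
       pgp_sym_decrypt(email_enc, current_setting('app.field_key')) AS email
  FROM clinician_contacts;
COMMIT;

-- Rotation without downtime: rows are re-wrapped in batches under the new key,
-- while readers use key_version to choose the right key for each row.
BEGIN;
SET LOCAL app.old_key = '<previous KMS data key>';   -- placeholder value
SET LOCAL app.new_key = '<new KMS data key>';        -- placeholder value
UPDATE clinician_contacts
   SET email_enc   = pgp_sym_encrypt(
                       pgp_sym_decrypt(email_enc, current_setting('app.old_key')),
                       current_setting('app.new_key'), 'cipher-algo=aes256'),
       key_version = 2
 WHERE clinician_id IN (SELECT clinician_id FROM clinician_contacts
                         WHERE key_version = 1 LIMIT 1000);
COMMIT;
```

Two operational points worth checking in any deployment of this shape: the key travels inside SQL text, so statement logging and pg_stat_activity must be configured not to capture it (binding it as a parameter rather than a literal helps), and the rotation batch is repeated until no key_version = 1 rows remain, which keeps lock durations short.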

Tenant isolation

Every customer table is protected by Row-Level Security policies that scope reads and writes to the authenticated user's company_id and role.

Privileged operations route through SECURITY DEFINER functions that read role membership from a dedicated user_roles table — preventing client-side privilege escalation.
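How a company-scoped RLS policy and a SECURITY DEFINER role check fit together, as an added example that is not ClinIQ's schema or code. It assumes the application connects as a low-privilege role (app_user here) and binds the authenticated user's id into the app.user_id setting for the transaction; table, column, function and role names are hypothetical.

```sql
CREATE ROLE app_user;   -- hypothetical low-privilege role the application connects as

-- Role membership lives in its own table, which the application role cannot touch.
CREATE TABLE user_roles (
  user_id    uuid NOT NULL,
  company_id uuid NOT NULL,
  role       text NOT NULL CHECK (role IN ('owner', 'admin', 'member', 'viewer')),
  PRIMARY KEY (user_id, company_id)
);

CREATE TABLE clinicians (
  id         uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  company_id uuid NOT NULL,
  full_name  text NOT NULL
);

-- The only way to learn a caller's role. SECURITY DEFINER runs it as the owner,
-- so it can read user_roles even though app_user has no privileges on that table.
-- The pinned search_path stops a caller from shadowing objects it references.
CREATE FUNCTION current_role_in(target_company uuid)
RETURNS text
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = ''
AS $$
  SELECT role FROM public.user_roles
   WHERE user_id = NULLIF(current_setting('app.user_id', true), '')::uuid
     AND company_id = target_company
$$;

-- app_user may execute the check but never read or write the membership table.
REVOKE ALL ON user_roles FROM app_user;
REVOKE ALL ON FUNCTION current_role_in(uuid) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION current_role_in(uuid) TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON clinicians TO app_user;

ALTER TABLE clinicians ENABLE ROW LEVEL SECURITY;
ALTER TABLE clinicians FORCE ROW LEVEL SECURITY;   -- applies to the table owner as well

-- Any member of a company (whatever the role) can read that company's rows ...
CREATE POLICY clinicians_read ON clinicians
  FOR SELECT TO app_user
  USING (current_role_in(company_id) IS NOT NULL);

-- ... but only owners and admins can write, and only rows tagged with their company.
CREATE POLICY clinicians_write ON clinicians
  FOR ALL TO app_user
  USING (current_role_in(company_id) IN ('owner', 'admin'))
  WITH CHECK (current_role_in(company_id) IN ('owner', 'admin'));

-- Per request, after authentication, the application binds the caller:
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.user_id = '00000000-0000-0000-0000-000000000001';   -- constructed sample id
SELECT * FROM clinicians;   -- returns only rows of companies this user belongs to
COMMIT;
```

The escalation this design prevents is a client writing to user_roles or spoofing a role claim: the table is unreachable from app_user, the role is derived server-side from the session setting, and FORCE ROW LEVEL SECURITY means even a bug that runs a query as the owner still goes through the policies.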

Access control

Role-based access with least privilege: owner, admin, member, viewer. Invites are signed, single-use, and expire automatically.

Per-user TOTP MFA enrollment is available in workspace settings. Tenant administrators can enforce MFA for the entire workspace.

Audit logging

Every privileged write — unlocks, exports, role changes, template edits, message sends, suppression-list mutations — is recorded in an append-only audit log with actor identity, IP, and timestamp.

Logs are queryable in-app at /audit and exportable to CSV for downstream SIEM ingestion.

Webhook & integration security

Inbound webhooks (apply submissions, unsubscribes, billing) are verified end-to-end: HMAC signature check, replay-window enforcement, and per-source rate limiting. Invalid payloads return a structured 4xx with no internal state exposed.
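The three checks named above (signature, replay window, per-source rate limit) implemented inside Postgres with pgcrypto, as an added example that is not ClinIQ's code. It assumes the sender signs the string "<unix timestamp>.<raw body>" with HMAC-SHA256 and transmits the timestamp, a nonce and the hex signature alongside the body; the table names, the 5-minute window and the per-minute limit are assumptions.

```sql
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE webhook_sources (
  source         text  PRIMARY KEY,        -- e.g. 'apply', 'unsubscribe'
  secret         bytea NOT NULL,           -- shared secret, loaded from the secrets vault
  max_per_minute int   NOT NULL DEFAULT 600
);

CREATE TABLE webhook_receipts (
  source      text        NOT NULL REFERENCES webhook_sources(source),
  nonce       text        NOT NULL,
  received_at timestamptz NOT NULL DEFAULT now(),
  PRIMARY KEY (source, nonce)              -- a replayed nonce collides here
);

-- Returns 'ok' or a rejection reason. The HTTP layer maps any reason to a bare 4xx
-- so that nothing about the secret, the window or the limits leaks to the sender.
CREATE FUNCTION verify_webhook(p_source text, p_ts bigint, p_nonce text,
                               p_body text, p_sig_hex text)
RETURNS text
LANGUAGE plpgsql AS $$
DECLARE
  src      webhook_sources%ROWTYPE;
  expected bytea;
  given    bytea;
  recent   int;
BEGIN
  SELECT * INTO src FROM webhook_sources WHERE source = p_source;
  IF NOT FOUND THEN RETURN 'unknown_source'; END IF;

  -- Replay window: reject anything more than 5 minutes from now in either direction.
  IF abs(extract(epoch FROM now())::bigint - p_ts) > 300 THEN
    RETURN 'stale_timestamp';
  END IF;

  -- The signature covers the timestamp, so a captured body cannot be re-sent with a fresh one.
  expected := hmac(convert_to(p_ts::text || '.' || p_body, 'UTF8'), src.secret, 'sha256');
  BEGIN
    given := decode(p_sig_hex, 'hex');
  EXCEPTION WHEN OTHERS THEN
    RETURN 'bad_signature';                -- malformed hex is just a bad signature
  END;
  IF length(given) <> length(expected) OR given <> expected THEN
    RETURN 'bad_signature';
  END IF;

  -- Per-source rate limit over the trailing minute.
  SELECT count(*) INTO recent FROM webhook_receipts
   WHERE source = p_source AND received_at > now() - interval '1 minute';
  IF recent >= src.max_per_minute THEN RETURN 'rate_limited'; END IF;

  -- Replay: the primary key rejects a nonce already recorded for this source.
  INSERT INTO webhook_receipts (source, nonce) VALUES (p_source, p_nonce)
  ON CONFLICT DO NOTHING;
  IF NOT FOUND THEN RETURN 'replayed'; END IF;
  RETURN 'ok';
END
$$;

-- Scheduled cleanup: receipts only need to outlive the replay window.
DELETE FROM webhook_receipts WHERE received_at < now() - interval '10 minutes';
```

Two caveats a reviewer would raise: the bytea comparison is not constant-time, so an application-layer check with a constant-time compare is preferable where timing matters, and the count-then-insert is not atomic, so under heavy concurrency the limit is approximate rather than exact.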

Outbound integrations use short-lived credentials stored in our managed secrets vault — never in source control.

AI safety

All clinician PII (license numbers, full contact details, DOB) is redacted from prompts before being sent to any third-party LLM. Customer data is never used for model training.
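One way to build the redacted view of a clinician that is handed to a model, as an added example that is not ClinIQ's code: structured PII columns are simply never selected, and free text is scrubbed for stray emails, phone numbers and dates. The table, its columns, the regex patterns and the placeholder tags are assumptions.

```sql
-- Hypothetical profile table; license_number, email, phone and dob are the PII columns.
CREATE TABLE clinician_profiles (
  id             uuid PRIMARY KEY,
  license_number text,
  email          text,
  phone          text,
  dob            date,
  specialty      text,
  notes          text    -- free text a recruiter typed; may contain stray PII
);

-- Free-text scrub: emails, North American phone numbers and ISO/US-style dates
-- are replaced with tags. Patterns are deliberately broad; over-redaction is the safe failure.
CREATE FUNCTION scrub_pii_text(t text) RETURNS text
LANGUAGE sql IMMUTABLE AS $$
  SELECT regexp_replace(
           regexp_replace(
             regexp_replace(coalesce(t, ''),
               '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}', '[EMAIL]', 'g'),
             '(\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}', '[PHONE]', 'g'),
           '\m(\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{2,4})\M', '[DATE]', 'g')
$$;

-- Structured scrub: the prompt payload is built from an allow-list of columns.
-- The opaque ref lets the application re-attach the result to the record after the call
-- without the model ever seeing an identifier it could correlate.
CREATE FUNCTION llm_view_of_clinician(p_id uuid) RETURNS jsonb
LANGUAGE sql STABLE AS $$
  SELECT jsonb_build_object(
           'ref',       'clinician:' || p_id,
           'specialty', specialty,
           'notes',     scrub_pii_text(notes))
    FROM clinician_profiles
   WHERE id = p_id
$$;

-- Constructed sample input for the free-text scrub:
SELECT scrub_pii_text('Call Dr. Lee at (415) 555-0134 or lee@example.org, DOB 1980-04-12');
```

The allow-list is the part that carries the guarantee: regex scrubbing catches what a human pasted into a notes field, but the license number, email, phone and DOB columns are protected by never appearing in the SELECT at all, so a new PII column is excluded by default until someone adds it to the view.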

AI outputs are advisory; hiring, credentialing, and outreach decisions remain with authorized humans on the employer or agency side.

Compliance posture

Underlying infrastructure is SOC 2 Type 2 certified. ClinIQ's own SOC 2 Type 2 audit is on the roadmap; attestation timeline is available under NDA.

Programs aligned with: HIPAA Security Rule (BAA on request), TCPA, CAN-SPAM, CCPA / CPRA. We minimize PCI scope by tokenizing payment instruments through certified processors.

Incident response

24/7 monitoring with on-call rotation. We commit to notifying impacted customers within 24 hours of confirming a security incident affecting their data, with a written postmortem to follow.

Contact: security@cliniq.com

Sub-processors

ClinIQ maintains a full sub-processor inventory covering hosting, authentication, AI inference, license-registry data, email delivery, and analytics. The inventory is shared under NDA as part of the procurement and DPA process.


Evidence pack

Documents your compliance and procurement teams typically request.

Need something not listed? Email procurement@cliniq.com.

Questions your compliance team didn't see answered?

We respond to security questionnaires within 5 business days.