Security & data

Clear controls, clear responsibilities

ClinicStock provides access, audit, and data-management controls. Hosting, recovery, and regulatory responsibilities depend on the deployment and customer agreement.

Access control

Role-based permissions separate administrators, managers, nurses, inventory staff, employees, and auditors. Administrators control approvals and active access.

Account security

Password sessions use secure HTTP-only cookies. Authenticator-app MFA and OpenID Connect SSO can be enabled when the deployment is configured for them.

Operational traceability

Audit history records important user and inventory actions. Stock adjustments, dispensing, purchasing, and counts retain operational context.

Application protections

The application applies same-origin session protections, restrictive browser security headers, tenant scoping, input validation, and upload size limits.

Data ownership and export

Customers retain their rights in the information they enter. Supported plans can export inventory and operational reports as Excel workbooks. Additional exports or end-of-service assistance should be agreed before rollout when they are required.

Hosting and backups

ClinicStock supports containerized deployment and encrypted HTTPS access. A workflow for encrypted database backups and off-site copying is provided, but the active schedule, storage destination, retention, monitoring, and restore testing depend on the environment operated for your organization. Confirm those details during onboarding.

Support expectations

General support is available through [email protected]. ClinicStock does not publish a guaranteed response or resolution time for self-service plans. Enterprise response targets and deployment assistance must be documented in a separate agreement.

Compliance and DPA position

ClinicStock does not claim SOC 2, HIPAA, GDPR, or other certification solely because these technical controls exist. Organizations should assess their own legal and regulatory obligations before entering sensitive data. Any data-processing agreement, hosting commitment, or compliance representation must be reviewed and agreed in writing.

Product operator

ClinicStock is the product and service name used for this application. Sales, security, privacy, and support inquiries are handled through [email protected]. Legal entity and contracting details should be included in the customer’s signed order or deployment agreement.

Need to evaluate ClinicStock?

Describe your hosting, retention, access, and compliance requirements before rollout so unsupported assumptions can be identified early.

Contact ClinicStock