
Security at Glimmedic

Healthcare data is among the most sensitive in the world. We take that responsibility seriously — at every layer of our stack.

Badges: NDPR Compliant · GDPR Aligned · UK GDPR · AES-256 · TLS 1.3 · SOC 2 (Clerk)

Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Database backups encrypted end-to-end
  • Encryption keys managed with industry-standard KMS

Authentication

  • Powered by Clerk — SOC 2 Type II certified
  • Multi-Factor Authentication (MFA) supported
  • JWT-based sessions with short expiry
  • Secure password hashing (bcrypt)
  • OAuth support (Google, Apple)

Infrastructure

  • Hosted on Supabase with Row Level Security (RLS)
  • Each clinic's data is fully isolated — no cross-tenant access
  • Vercel edge network with global CDN
  • Automated daily backups with 30-day retention
  • 99.9% uptime SLA target

Access Control

  • Role-based access: Practitioner, Admin, Patient
  • Patients can only see their own records
  • Practitioners can only access their own clinic's data
  • Audit logs for all data access and modifications
  • Admin actions require elevated privileges
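One way the clinic isolation described under Infrastructure and the patient/practitioner rules under Access Control can be enforced with Postgres row-level security, as an added illustration that is not Glimmedic's own schema or policies; the `records` table, its columns, and the `role` / `clinic_id` claims read from the session JWT are assumptions.

```sql
-- Added illustration, not Glimmedic's schema. Assumes a Supabase/Postgres table
-- "records" and a session JWT carrying hypothetical "role" and "clinic_id" claims.
create table if not exists records (
  id          uuid primary key default gen_random_uuid(),
  clinic_id   uuid not null,
  patient_id  uuid not null,
  created_by  uuid not null,
  note        text
);

-- RLS is off by default: without these two lines every policy below is ignored.
alter table records enable row level security;
alter table records force row level security;  -- also binds the table owner

-- Patients: may read only rows where they are the patient.
create policy patient_reads_own_records on records
  for select
  using (
    (auth.jwt() ->> 'role') = 'patient'
    and patient_id = auth.uid()
  );

-- Practitioners: may read only rows belonging to the clinic in their token.
create policy practitioner_reads_own_clinic on records
  for select
  using (
    (auth.jwt() ->> 'role') = 'practitioner'
    and clinic_id = (auth.jwt() ->> 'clinic_id')::uuid
  );

-- Practitioners: may insert only into their own clinic, attributed to themselves.
create policy practitioner_writes_own_clinic on records
  for insert
  with check (
    (auth.jwt() ->> 'role') = 'practitioner'
    and clinic_id = (auth.jwt() ->> 'clinic_id')::uuid
    and created_by = auth.uid()
  );
-- No policy grants admins anything here; elevated admin access would be a
-- separate, explicit policy rather than an absence of restriction.

-- Check (psql, constructed ids): impersonate a practitioner of clinic A and
-- confirm that clinic B's rows are invisible, even with an explicit filter.
set role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-0000000000a1","role":"practitioner",'
  '"clinic_id":"00000000-0000-0000-0000-00000000c1a0"}', true);
select count(*) from records
 where clinic_id = '00000000-0000-0000-0000-00000000c1b0';  -- expect 0
```

The last query is the regression check worth keeping in CI: a tenant-isolation policy that passes only when the client "asks nicely" with a filter is no isolation at all.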

Compliance

  • NDPR (Nigeria Data Protection Regulation) compliant
  • GDPR (EU General Data Protection Regulation) aligned
  • UK GDPR compliant for UK-based practitioners
  • HIPAA-aware design for US practitioners
  • Patient data processed under NDPC guidelines

Vulnerability Management

  • Responsible disclosure programme (see below)
  • Regular dependency audits and updates
  • OWASP Top 10 protections applied
  • Rate limiting on all API endpoints
  • Input validation and SQL injection prevention

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report it to us privately and give us a reasonable time to address it before public disclosure. We do not take legal action against security researchers acting in good faith.

Report a Vulnerability → Glimmedic@gmail.com

Data Handling Practices

Data Residency: Patient and clinic data stored on Supabase (EU/US regions). Nigerian practitioner data defaults to nearest EU region. We do not store data in jurisdictions with inadequate privacy protections.
Retention: Clinical records retained for 3 years (or as required by local law). Account data deleted within 30 days of account closure upon request.
Third parties: We share minimal data with: Clerk (authentication), Supabase (database), Vercel (hosting), Anthropic (AI processing). All are bound by DPAs.
AI data: Messages sent to Glimmedic AI are processed by Anthropic's API. We do not use your data to train AI models. See our Privacy Policy for details.
