CliniKite
Data privacy

Your patients’ records stay in your clinic.

CliniKite is designed so that every patient record, prescription, and invoice is stored only on infrastructure your clinic controls. We do not hold a copy of your clinical data, and we cannot access one.

A clean desk with a laptop and smartphone, representing secure digital records
Clinical data held by CliniKite
None
What this means for your clinic

Four straightforward commitments.

Each commitment below is a direct outcome of how the product is designed. They are not optional settings or premium upgrades — they are the default behaviour of the platform.

01

Records remain in your clinic

Every patient record, prescription, and invoice is stored on infrastructure you control. CliniKite does not keep a copy of your clinical data, and has no mechanism to access one.

02

You hold every credential

The database password, the encryption key for backups, and every authentication secret are generated on your clinic's system during setup. We do not retain copies.

03

AI sees only de-identified text

When AI assistance is used, a privacy filter removes names, dates of birth, phone numbers, addresses, and identity numbers before any request leaves your clinic.

04

Licence fees are our only revenue

CliniKite earns revenue from one-time software licences and optional platform add-ons. We do not sell aggregated data, derive analytics from your records, or engage in pharmaceutical-industry data partnerships.

Digital Personal Data Protection Act

Aligned with India’s data protection law.

India’s Digital Personal Data Protection Act (DPDP) comes into full effect in May 2027. The Act places clear obligations on any organisation that holds personal data, including the responsibilities of the data fiduciary, consent management, breach notification, and data-principal rights.

Because patient records remain inside your clinic, your practice is the sole data fiduciary for that information. This simplifies compliance: consent is managed with your patients, breach notification is a clinic-level responsibility, and data-principal requests are handled through the CliniKite interface.

Request our compliance summary
CliniKiteCloud-hosted EMRs
Patient data locationYour clinicVendor infrastructure
Database credentialsHeld by clinicShared with vendor
Backup ownershipClinic-controlledVendor-controlled
Secondary use of dataNot permittedCommonly allowed
Export of recordsOpen, documentedOften proprietary
DPDP data fiduciaryYour clinicShared or unclear
Common questions

The questions clinics ask most often.

Each answer covers the practical implication for your clinic. More detailed documentation is available on request, including a technical summary suitable for IT or security review.

Request a privacy reviewDeployment options →
01Where are my patient records stored?

On the infrastructure of your choice: a computer at your clinic, a managed cloud instance, or an AWS account registered to your practice. Patient records are never stored on CliniKite-owned infrastructure.

02Can CliniKite read my patient data?

No. CliniKite has no administrative access to your database, and the product does not transmit clinical information to our servers. Any access for support requires your explicit permission and is time-bound.

03What happens if CliniKite discontinues the product?

Each clinic retains the application, its database, and a documented export of records in an open format. Your practice continues to operate without dependency on our ongoing availability.

04How does the AI assistance protect patient privacy?

Every AI request passes through a privacy filter that removes patient identifiers before the request is sent. The AI provider receives clinical text without names, dates of birth, contact details, or identity numbers.

05Is CliniKite suitable for DPDP Act compliance?

Yes. The platform is designed for clinics to act as the sole data fiduciary for their patient records, which simplifies consent, access, correction, and erasure obligations under the Digital Personal Data Protection Act.

For technical review

A visual summary for clinics evaluating CliniKite with an IT partner.

The diagram below shows what remains within your clinic and what leaves — at a level useful for a non-technical audience. Detailed technical documentation is available during the evaluation process.

YOUR CLINICCLINIC SYSTEMRuns on your hardwareCliniKite applicationWeb interface for staffSecure software updatesPATIENT RECORDSYour clinic's database· Records & prescriptions· Vitals & lab reports· Invoices & messagesCLINIC STAFFDRDoctorRCReceptionNRNurseBLBillingADAdminENCRYPTED BACKUPKept in your clinicNightly, encryptedYour encryption keyPRIVACY FILTERRemoves identifiersBefore any AI requestName, DOB, phone, IDCLINIKITE SERVICESAdministrative onlyWhich clinics are registeredLicence and connectivity statusSoftware update channelNo records or namesNo prescriptionsNo vitals or lab dataAI PROVIDERReceives de-identified text onlyRequest:"BP 138/86, trending up 3visits. Current medication telmisartan 40.Suggestions for combination therapy?"No name, date of birth, phone, Aadhaar, or addresslicence and updatesde-identified requestsuggestion returnedPatient information remains inside your clinicDe-identified requests are the only clinical data that leavesAdministrative signals only