ClinikAPI’s full privacy policy is available at clinikapi.com/legal/privacy. The sections below summarize the key points most relevant to developers and healthcare organizations building on ClinikAPI.

PHI handling

Clinical data you store through ClinikAPI is Protected Health Information (PHI) under HIPAA. ClinikAPI acts as a Business Associate and handles PHI only as necessary to provide the service. PHI is:
  • Stored in AWS HealthLake, encrypted at rest with AES-256.
  • Transmitted exclusively over TLS 1.2 or higher.
  • Never accessed, used, or disclosed for any purpose other than operating the service and fulfilling legal obligations.
  • Isolated per tenant — your data cannot be accessed by other ClinikAPI customers.
A signed BAA is required before storing PHI. See the BAA page for details.

Data residency

Clinical data is stored in us-east-1 (AWS US East, N. Virginia) by default. Enterprise customers can request alternative AWS regions. Contact [email protected] for data residency options.

Data retention

Data type | Retention
Clinical data (PHI) | Until you delete it or close your account; purged within 30 days of account closure
API request logs | 90 days
Account and billing data | While your account is active; deleted within 30 days of closure

You can export your data at any time using bulk export or delete individual resources via the API. To close your account and request full data deletion, contact [email protected].

Contact

For privacy questions: [email protected]
Read the full policy: clinikapi.com/legal/privacy