Security

Last updated: April 27, 2026

Encryption in Transit

ClariFi uses HTTPS/TLS for data in transit between user devices and platform services.

Encryption at Rest

Data-at-rest is protected by managed PostgreSQL encryption on Render, TLS in transit, and application-level AES-256 encryption for selected secrets (for example OAuth tokens and integration credentials) using dedicated key material configured in production.

Account Security and MFA

Multi-factor authentication (MFA) support is being rolled out with optional enablement now and policy-based enforcement in future phases.

Report Security

Where available, report retrieval through authenticated portal download is the primary option. Third-party channel delivery should be used only when requested.

Responsible Disclosure

Please report suspected vulnerabilities to security@bizclinic.africa with sufficient reproduction detail and affected environment information.