☝️ New updates for the next release (est. Jan 2022)

A number of sections below have been updated to reflect the upcoming changes to the app and the server.

What we store about you and your team on our servers

  • Your first and last names (so we know how to address you)

  • Your business name (see above)

  • Your email address (so we can contact you — e.g. for trial expiry notices, billing issues etc.)

  • A link to your subscription in our payment processor, Stripe (so we can bill you)

  • When you signed up (so we can calculate your trial)

  • When you activated your account

  • When your trial expires

  • The number of practitioners you have on your Cliniko account (so we know what plan to put you on)

  • A list of IDs of the businesses you have on Cliniko (i.e. if you have multiple locations setup in Cliniko, these are known as different businesses) (we only want every business having one account, so we use this list to match against if you ever decide to use a different API key than the one you with which you first signed up)

  • Your Cliniko account ID

  • A guess at your currency code e.g. AUD (we look at your currency symbol and Cliniko country to work this out)

  • A one-way hash of your Cliniko API key(s) (this is used to match your iPads against your account so we know who you are — so we can let you know if your trial has expired or if you've exceeded the number of allocated practitioners on your account and need to upgrade)

  • A list of users from your Cliniko account, their email addresses, roles and encrypted API keys where we've been given them (so we can perform actions within your Cliniko account not only from your connected iPad, but also from our server)

  • Your Finger-Ink forms

  • Your Cliniko referral source types

  • When/if you consented to our terms of service & privacy policy

  • Your chosen inbox settings

What we store about your patients on our servers

☝️ New updates for the next release (est. Jan 2022)

All forms — iPad and web — will now flow through our server. Because they will then allow re-processing and reversing, patient data submitted through the form, and an optional backup of the patient record will be stored indefinitely.
  • We store form responses from the iPad app and web.

  • This patient data is stored to allow re-processing. This data is stored indefinitely until you delete the response. After deleting, the data is removed.

  • If enabled, we will also store a backup of the patient record alongside the form response. This will also be removed if the response is deleted.

  • Our server is hosted with a HIPAA-compliant host. This doesn't mean we're HIPAA compliant yet, but it means that extra precautions are taken with our database, its backups, and any access.

  • Our entire database is protected by encryption at disk-level by our HIPAA-compliant host.

  • Title, first names, last name, preferred first name, date of birth, email address, mobile phone and the patient & appointment IDs from the filled form (if available) are stored at this disk-level of encryption to allow for searching of forms through the inbox.

  • Other filled form data (i.e. any field on a form not included in the point above) is stored double-encrypted. Once at disk-level, and again at record-level.

  • Patient record backups are also stored double-encrypted. Once at disk-level, and again at record-level.

Transient data

There is some data that we don't store in a database, but we keep in memory on the server to provide to connected iPads:

  • Your recent appointments (2 days ago, yesterday, today, tomorrow, the next day) — stored alongside basic patient information (name, DOB, email) used for self check-in.

  • A list of your appointment types.

  • A list of your practitioners.

How information is stored and transferred between your iPad(s) and our servers

All communication between our servers, your iPad(s) and/or Cliniko's servers is encrypted in transit.

All data on our servers is encrypted at rest (because we host on HealthcareBlocks).

We never store your plaintext API key(s) on our servers. Instead, we store both a one-way hash and an encrypted version of these keys.

This means that even in the very unlikely event that someone did get past our encryption and get an unencrypted version of our database, they still wouldn't be able to access your Cliniko account using the API key(s) we store:

  • The API key(s) stored using the one-way hash allow us to verify who you are by going API key → hash. They can never be translated back from the hash to the API key.

  • The encrypted API key(s) are encrypted in a similar way to how Google encrypts its data.

Third party integration

We keep third-party integration to a minimum. The full list of our sub-processors can be found in our EU addendum to our Privacy Policy, and below. All of these 3rd party integrations are GDPR compliant.

  • Cliniko

  • Intercom

  • Stripe

  • Sentry

  • Slack

  • Github

  • Quip

  • Xero

  • Webflow

  • Google

  • Migadu

  • ProfitWell

No patient information is shared with any of these — except for Cliniko.


Obviously, we interact with Cliniko in a huge way. We use the API key(s) you provide us to communicate with their servers both regularly in our app and, the first time you connect with us, from our servers.

We communicate with Cliniko to

  • Get your appointments

  • Get patient information before filling out a form

  • Send updated patient information

  • Attach PDFs to patient records

  • Get a list of your treatment note templates

  • Get a specific treatment note template that you've selected

  • Create draft treatment note templates

  • Get your practitioner and user settings to determine if we need to provide for any other API keys to be entered into the app

  • Get your settings to determine your online booking logo image, company name and email address

  • Get your settings to determine your billing currency, administrator name, administrator email address and your company name — so we can use these to create a Finger-Ink account for you

  • Get a list of your business IDs (so if you connect with a different API key in the future, we can match this to a previous account of yours if one exists)

  • Get a list of users so we know in which plan to place you, and so user accounts can be created in Finger-Ink for the rest of your team

We may also communicate with Cliniko to

  • Download your referral source types

  • Download treatment note templates

  • Update patient referral sources


We use Intercom as our customer support service. Any time you send an email to support@finger-ink.com, privacy@finger-ink.com or contact us through the chat button on the website, or in the app, it goes through Intercom's servers.

We also send key events from the app so we can better serve you — e.g. when you first load the app, when you have filled out your first form, when you've imported a template from Cliniko etc.

No patient information is shared with Intercom.


We use Stripe as for subscription billing. To facilitate this, the following information about your subscription is stored with Stripe:

  • Your subscription plan

  • Your billing address

  • Your billing email address

  • Your credit card details — name, number, expiry date (we can't access these, see Stripe's security documentation)

  • A history of your transactions with us

No patient information is shared with Stripe.


Sentry is a service we use to let us know when the app crashes. 

No patient information is shared with Sentry.


Slack is our company communication service — we use it to plan features, collaborate on supporting you, our customers, and for general company communication.

We occasionally mention company names and first names during this communication.

No patient information is shared with Slack.


Github is where our application source code is hosted. We also use it to plan features. We occasionally tag planned features or bugs with company and customer names.

No patient information is shared with Github.


Quip is like Google docs, and it allows collaboration on documents across our team. We use it to collect the results of optional surveys you may take.

No patient information is shared with Quip.


Xero is our accounting software. When payments come in, they need to be matched against our bank account. Xero is how we do that. Your name, your company name and your billing address may be stored within Xero.

No patient information is shared with Xero.


Webflow is where we host our the Finger-Ink website. We do not currently process any of your data with this service, but there was a time when we asked for your name and email address before downloading the app — and this is where it was collected.

No patient information is shared with Webflow.


We use Google Docs for team collaboration on policies and legal documents. We don't generally store any of your information here. We do not use Google Analytics.

No patient information is shared with Google.


Migadu is our email hosting provider for any non-Intercom address. As such, all email communication we send and/or receive through these addresses go through Migadu. We do not generally mention specific customers over email so your information shouldn't be there.

No patient information is shared with Migadu.


Channels is our phone service provider. Our phone numbers are hosted with them. When we call you — we're doing it through Channels. We do not currently use their call recording feature. We do make notes of our conversations.

Patient information is only ever shared with Channels if you choose to share it on a call.


ProfitWell is our company analytics provider. We use them to keep track of our KPIs, such as monthly recurring revenue. Your company name, your email address and your billing history is stored in ProfitWell.

No patient information is shared with ProfitWell.

What we store about you and your patients on your iPad(s)

☝️ New updates for the next release (est. Jan 2022)

Your plaintext API keys are no longer stored on the iPad. Instead, a device authentication token is stored securely in the keychain to authenticate with our server.

Almost everything we store about you on our servers, plus:

  • Your device authentication token.

  • Your account ID.

  • All information provided to you by your patients.

  • Metadata allowing normal operation of the app (such as your form definitions, details about which filled forms need processing / pushing to Cliniko etc.)

This information is also encrypted on your device — any time the app isn't in the foreground. (so it's encrypted if the iPad is asleep, or if you're in another app).

If someone gets the iPad and goes into our app without you knowing, they still have to guess your iPad passcode and the Finger-Ink passcode to get into the admin area, where patient information is kept.

The biggest risk to your patients' data is losing an iPad. If this happens, the first thing you should do is revoke access to this device through the Finger-Ink portal. The second is to remotely wipe the lost iPad.

You're amazing 🤩

If you've made it this far — well done! I know that's a lot to take in. If you have any questions whatsoever, please don't hesitate to reach out to us. Either at support@finger-ink.com, or using the chat bubble in the bottom right-hand corner of most of our products. Thank you for reading. ❤️

Did this answer your question?