Finger-Ink takes the security of your information, and that of your patients, very seriously. All our systems are designed with security and privacy in mind.
We use a HIPAA-compliant host
We employ Healthcare Blocks to manage our server infrastructure. They specialise in managing cloud services for digital health startups, like us, with high compliance needs. They make sure that all system access is logged, the latest security updates are in place and that system alerts are in place and monitored.
Your data is encrypted
All data on our servers is encrypted at rest using disk-level encryption, configured by Healthcare Blocks.
All data on your iPad(s) is encrypted using Apple's Complete File Protection. This ensures that your data is only accessible to the iPad when the Finger-Ink app is on screen. A passcode (that you set) prevents any patient accessing information they shouldn't.
All communication between our servers, your device(s) and/or Cliniko's servers is encrypted in transit.
Your API keys are further encrypted once more in our application. Even in the very unlikely event that someone gained access to our database, they wouldn't be able to gain access to your Cliniko account.
What we store about you and your team on our servers
Your first and last names (so we know how to address you)
Your business name (see above)
Your email address (so we can contact you — e.g. for trial expiry notices, billing issues etc.)
A link to your subscription in our payment processor, Stripe (so we can bill you)
When you signed up (so we can calculate your trial)
When you activated your account
When your trial expires
The number of practitioners you have on your Cliniko account (so we know what plan to put you on)
A list of IDs of the businesses you have on Cliniko (i.e. if you have multiple locations setup in Cliniko, these are known as different businesses) (we only want every business having one account, so we use this list to match against if you ever decide to use a different API key than the one you with which you first signed up)
Your Cliniko account ID
A guess at your currency code e.g. AUD (we look at your currency symbol and Cliniko country to work this out)
A one-way hash of your Cliniko API key(s) (this is used to match your iPads against your account so we know who you are — so we can let you know if your trial has expired or if you've exceeded the number of allocated practitioners on your account and need to upgrade)
A list of users from your Cliniko account, their email addresses, roles and encrypted API keys where we've been given them (so we can perform actions within your Cliniko account not only from your connected iPad, but also from our server)
Your Finger-Ink Forms
Your Cliniko referral source types, custom patient fields & concession types
Your Finger-Ink Settings
What we store about your patients on our servers
We store form responses from the iPad app and web.
This patient data is stored to allow re-processing. This data is stored indefinitely until you delete the response. After deleting, the data is removed.
If enabled, we will also store a backup of the patient record alongside the form response. This will also be removed if the response is deleted.
Our server is hosted with a HIPAA-compliant host. This doesn't mean we're HIPAA compliant yet, but it means that extra precautions are taken with our database, its backups, and any access.
Our entire database is protected by encryption at disk-level by our HIPAA-compliant host.
Title, first names, last name, preferred first name, date of birth, email address, mobile phone and the patient & appointment IDs from the filled form (if available) are stored at this disk-level of encryption to allow for searching of forms through the inbox.
Other filled form data (i.e. any field on a form not included in the point above) and patient record backups are also stored at this disk-level encryption.
There is some data that we don't store in a database, but we keep in memory on the server to provide to connected iPads:
Your recent appointments (2 days ago, yesterday, today, tomorrow, the next day) — stored alongside basic patient information (name, DOB, email) used for self check-in.
A list of your appointment types.
A list of your practitioners.
Third party integration
We keep third-party integration to a minimum. The full list of our sub-processors can be found in our Data Processing Addendum.
No patient information is shared with any of our sub-processors — except for Cliniko.
Obviously, we interact with Cliniko in a huge way. We use the API key(s) you provide us to communicate with their servers both regularly in our app and, the first time you connect with us, from our servers.
We communicate with Cliniko to
Get your appointments
Get patient information before filling out a form
Send updated patient information
Attach PDFs to patient records
Get a list of your treatment note templates
Get a specific treatment note template that you've selected
Create draft treatment note templates
Get your practitioner and user settings to determine if we need to provide for any other API keys to be entered into the app
Get your settings to determine your online booking logo image, company name and email address
Get your settings to determine your billing currency, administrator name, administrator email address and your company name — so we can use these to create a Finger-Ink account for you
Get a list of your business IDs (so if you connect with a different API key in the future, we can match this to a previous account of yours if one exists)
Get a list of users so we know in which plan to place you, and so user accounts can be created in Finger-Ink for the rest of your team
We may also communicate with Cliniko to
Download your referral source types, custom patient fields & concession types
Download treatment note templates & patient form templates
We use Datadog to monitor our infrastructure and diagnose errors when they occur. By default, we do not log any patient data. Occasionally when errors occur patient data ends up in log files. We use these logs to diagnose and fix any issues, then remove them.
Datadog are fully HIPAA compliant. Furthermore, all log files are deleted after 15 days.
We use Intercom as our customer support service. Any time you send an email to email@example.com, firstname.lastname@example.org or contact us through the chat button on the website, or in the app, it goes through Intercom's servers.
We also send key events from the app so we can better serve you — e.g. when you first load the app, when you have filled out your first form, when you've imported a template from Cliniko etc.
Patient and appointment IDs are sometimes shared with Intercom to assist with debugging, but no other patient information is shared.
We use Stripe as for subscription billing. To facilitate this, the following information about your subscription is stored with Stripe:
Your subscription plan
Your billing address
Your billing email address
Your credit card details — name, number, expiry date (we can't access these, see Stripe's security documentation)
A history of your transactions with us
No patient information is shared with Stripe.
Sentry is a service we use to let us know when the iPad app crashes, or exceptions occur within the web app.
No patient information is explicitly shared with Sentry. Occasionally patient information might come through in a crash exception. This information is treated with the utmost care, and is deleted as soon as we have resolved the issue.
Slack is our company communication service — we use it to plan features, collaborate on supporting you, our customers, and for general company communication.
We occasionally mention company names and first names during this communication.
No patient information is shared with Slack.
Github is where our application source code is hosted. We also use it to plan features. We occasionally tag planned features or bugs with company and customer names.
No patient information is shared with Github.
Quip is like Google docs, and it allows collaboration on documents across our team. We use it to collect the results of optional surveys you may take.
No patient information is shared with Quip.
Xero is our accounting software. When payments come in, they need to be matched against our bank account. Xero is how we do that. Your name, your company name and your billing address may be stored within Xero.
No patient information is shared with Xero.
Webflow is where we host our the Finger-Ink website. We do not currently process any of your data with this service, but there was a time when we asked for your name and email address before downloading the app — and this is where it was collected.
No patient information is shared with Webflow.
We use Google Workspace for team collaboration on policies, legal documents and Form conversions. We don't generally store any of your information here unless we're performing a Form Review or Form Conversion for you. If so, we store the Form Templates you've sent us and information around the conversion process itself. We do not use Google Analytics.
No patient information is shared with Google.
Migadu is our email hosting provider for any non-Intercom address. As such, all email communication we send and/or receive through these addresses go through Migadu. We do not generally mention specific customers over email so your information shouldn't be there.
No patient information is shared with Migadu.
OpenPhone is our VOIP phone service provider. Our phone numbers are hosted with them. When we call you — we're doing it through OpenPhone. We do not currently use their call recording feature. We do make notes of our conversations.
Patient information is only ever shared with OpenPhone if you choose to share it on a call.
Paddle (previously Profitwell) is our subscription analytics provider. We use them to keep track of our KPIs, such as monthly recurring revenue. Your company name, your email address and your billing history is stored in Paddle.
No patient information is shared with Paddle.
What we store about you and your patients on your iPad(s)
Almost everything we store about you on our servers, plus:
Your device authentication token.
Your account ID.
All information provided to you by your patients.
Metadata allowing normal operation of the app (such as your form definitions, details about which filled forms need processing / pushing to Cliniko etc.)
This information is also encrypted on your device — any time the app isn't in the foreground. (so it's encrypted if the iPad is asleep, or if you're in another app).
If someone gets the iPad and goes into our app without you knowing, they still have to guess your iPad passcode and the Finger-Ink passcode to get into the admin area, where patient information is kept.
The biggest risk to your patients' data is losing an iPad. If this happens, the first thing you should do is revoke access to this device through the Finger-Ink portal. The second is to remotely wipe the lost iPad.
Finger-Ink is compliant with, and helps you comply with the APPs, we do the same for the GDPR and the New Zealand Privacy Act 2020.
You're amazing 🤩
If you've made it this far — well done! I know that's a lot to take in. If you have any questions whatsoever, please don't hesitate to reach out to us. Either at email@example.com, or using the chat bubble in the bottom right-hand corner of most of our products. Thank you for reading. ❤️