Access control and admin access

How platform and clinic access should be controlled, reviewed, and explained to clinics in a simple way.

Current platform approach

Clinic users are separated by role so the same permissions are not granted to every staff member.

Admin, receptionist, and practitioner flows are intentionally different because their responsibilities are different.

Platform-level and infrastructure-level access should remain more restricted than normal clinic operations access.

Who has access to production infrastructure and how that access is reviewed

How staff access is removed when a team member leaves

How privileged actions are audited or double-checked

Whether multi-factor authentication is required or planned

More trust pages

Security overview Privacy and data handling Subprocessors Retention and deletion Incident response Backups and restore Monitoring and uptime Terms, privacy notice, and legal documents Security contact and responsible disclosure