Your patients' data is safe with us
Medical clinics process sensitive personal data. That's why security is our top priority — not an afterthought.
AES-256 Encryption
All data stored in the database is encrypted using AES-256 — the same standard used by banks and government institutions. Encryption keys are rotated automatically.
- Data-at-rest encryption (AES-256)
- Data-in-transit encryption (TLS 1.3)
- Encrypted backups
- Per-tenant keys
Automatic Backups
The database is automatically backed up every day by Supabase. Backups are retained for 30 days, and data can be restored to any selected date.
- Daily backup (0:00 UTC)
- 30-day retention
- Point-in-time restore
- Geo-redundant backup
GDPR Compliance
Palyri is designed in accordance with GDPR requirements. We process data solely for service delivery. On request, patient data is deleted within 72 hours.
- Database in the European Union
- DPA (data processing agreement)
- Right to be forgotten
- Record of processing activities
Access Control (RBAC)
Every clinic employee has a role with precisely defined permissions. An administrator can revoke access or change permissions for any individual at any time.
- Roles: Admin, Manager, Receptionist
- Per-clinic access (multi-tenant)
- Activity log
- 2FA (coming soon)
EU Hosting
Palyri infrastructure is located exclusively on Supabase and Vercel servers in Europe (Frankfurt, Dublin). Data never leaves EU territory.
- Supabase EU (Frankfurt)
- Vercel Edge EU
- No data transfers to the USA
- SLA 99.9% uptime
Audit & Monitoring
We monitor system security 24/7. Suspicious activity is detected automatically, and access logs are retained for 12 months.
- 24/7 monitoring
- Security alerts
- Access logs 12 months
- Penetration testing (annually)
Data Processing Agreement (DPA)
Every Palyri client receives a standard data processing agreement compliant with Article 28 of the GDPR. The agreement is signed electronically — no bureaucracy. If your clinic requires custom clauses, contact us.