Security approach

Built for clinics that need practical, privacy-aware automation.

MyHealthFollowup is designed around a conservative health-data posture: keep Cliniko as the source of truth, minimise copied patient data, handle secrets on the backend, and make operational activity visible without exposing more information than needed.

Backend-only Cliniko keys

Cliniko API keys are submitted to the backend and stored as secrets. The dashboard does not keep the key in browser storage, and database rows store only references and fingerprints.

Minimal patient data

Patient and appointment details are fetched close to send time where practical. The product is designed to avoid becoming a shadow clinical record.

Preference checks before send

Before delivery, the send path checks current Cliniko communication settings so reminder and follow-up emails respect patient preferences.

Redacted operations

Delivery events and dashboard previews are designed to show useful operational status without exposing recipient email addresses unnecessarily.

Data handling

Store configuration, not a second patient record.

The product stores the clinic configuration needed to send messages: templates, rules, delivery state, audit entries, and billing state. Patient information should stay in Cliniko unless it is needed at send time.

Cliniko API keys: Stored as backend secrets with database references only.
Templates and rules: Stored per clinic with role-based access controls.
Patient details: Fetched from Cliniko as late as practical for rendering and delivery decisions.
Logs and events: Redacted by default, with delivery outcomes visible for support and troubleshooting.
Billing: Handled through Stripe Billing; payment card details are not stored by MyHealthFollowup.

Operational safeguards

Controls that matter in day-to-day clinic work.

Clinic-scoped users and roles
Audit history for sensitive configuration changes
Idempotent scheduling to avoid duplicate sends
Cancelable and retryable scheduled messages
Clear skipped-message reasons for preference and eligibility checks
Australian AWS region target for production infrastructure

Experience-informed engineering

Built with experience from critical digital health infrastructure.

The backend approach is informed by hands-on engineering experience in regulated digital health environments. That does not replace formal certification or a clinic privacy review, but it shapes the product decisions: explicit tenancy, conservative logging, backend secret handling, auditable changes, and patient-data minimisation.