We take data security seriously. No patient data is stored on our servers, ever.
It's encrypted on device, and encrypted in transit to Cliniko.
Security Q&A
What data do you store and where do you store it?
We do not store any patient data on our servers, ever (not even for a little bit). This isn't the right place to go into great detail, so instead we've written a handy guide on your data in Finger-Ink for just such an occasion.
How is my patient data on my iPad protected?
We use Apple's Complete File Protection to ensure that your patient data is only accessible to the iPad when the Finger-Ink app is on screen.

A passcode (that you set) is required to access the admin area to see any patient information — a patient filling out a form cannot access other patient information without this passcode.
Is Finger-Ink GDPR compliant?
We sure are. Check out our EU-Addendum, Terms of ServicePrivacy Policy.
Can I use Finger-Ink as part of my GDPR compliance?
Absolutely! We even have a #privacy-policy hashtag for you to use while defining your forms — which updates the Privacy Policy Flag on the patient record in Cliniko.
Why does it matter that no patient data is stored on your servers?
The more places your patient data is stored, the more opportunity there is for unauthorised access that your patient data. The best way to secure data against unauthorised access is to not have it in the first place. This way, in the extremely unlikely event that someone broke into our servers, your patient data is still safe.
I entered in my API key into your app, does that mean you have it now?
No — we can't see or use your API key ourselves unless you explicitly give one to us (which can happen if we're helping you through an issue over email or chat).

When you enter an API key into the app for the first time, it's stored locally on the iPad. It's also sent to our servers so we can create an account for you. Once our servers verify that the API key is valid and your account is created, we mangle the API key before storing it. In this way, we can't possibly un-mangle it. We only keep it so that we verify any future communication from your iPad against an account that already exists.

(if you're interested, we use a cryptographic hash function to do the mangling).
Got a question we haven't answered here? Ask away via chat.