Your patient data never leaves your machine
Clinosys follows a strict local-first model. No cloud sync, no telemetry, no online accounts.
Your patient data never leaves your machine
Clinosys follows a strict local-first model. No cloud sync, no telemetry, no online accounts.
AES-256-GCM encryption
All identifiable info, clinical notes and documents are encrypted at the column level. The key never leaves your machine.
Morning-passphrase model
A clinic passphrase entered at startup derives via Argon2id the KEK that unlocks the DEK, NEK and DOK keys. Held in memory only.
SHA-256 chained audit
Every action — consultation, print, export — is logged and cryptographically linked to the previous one. Impossible to tamper with undetected.
Local-first, always
SQLite encrypted on disk. No cloud server. No telemetry. An internet connection is never required to work.
Role-based access control
7 predefined roles (Owner, Director, Doctor, Head Nurse, Nurse, Secretary, Assistant) with a granular permission matrix.
Aligned with Loi 09-08
Architecture designed to respect Morocco's personal data protection law — consent, minimization, right of access.
How your keys live throughout the day
Passphrase entered once
The owner enters the clinic passphrase at startup. Argon2id derives the KEK, which unlocks DEK (patients) / NEK (notes) / DOK (documents).
Staff log in normally
Each user signs in with their password. The server encrypts and decrypts in memory on the fly. Auto-lock after inactivity.
Keys wiped on shutdown
When the app closes, the DEK/NEK/DOK keys are wiped from memory (zeroize). The disk contains only encrypted data.
Ready to modernize your practice?
Join the early access list. No commitment — just news when your version is available.