HIPAA-Aware Design

Security and Privacy, Built Into Every Layer

Clickless is designed from the ground up with healthcare data sensitivity in mind. Here is exactly what we do — and what we don't claim.

What We Mean by “HIPAA-Aware”

Clickless is designed with HIPAA-aware architecture principles. We support Business Associate Agreements (BAA) for eligible covered entities and business associates. However, Clickless is not a covered entity, does not act as your compliance officer, and does not guarantee your organization's HIPAA compliance. Please consult qualified legal and compliance counsel for your specific obligations.

Designed with Healthcare Compliance in Mind

We can't do your job for you — but we can make it easier to do it safely.

In Transit + At Rest

End-to-End Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256.

HIPAA Principle

Minimum Necessary Access

Clickless limits task context to what is needed for each workflow and avoids retaining unnecessary information after the task is completed.

RBAC

Role-Based Access Control

Granular role definitions control which users can configure automations, view audit logs, or approve actions.

Compliance-Ready

Immutable Audit Logs

Every automated action, task, login, configuration change, and data access event is written to a tamper-evident log with cryptographic timestamps.

BAA Available

BAA Support

Clickless offers a Business Associate Agreement for eligible customers operating as covered entities or business associates under HIPAA. Contact us before going live with PHI.

Supply Chain

Subprocessor Transparency

We maintain a public subprocessor list and notify customers of material changes. Our infrastructure providers hold SOC 2 Type II certification.

Incident Response

Breach Notification

Clickless maintains documented incident response and breach notification procedures. Customers are notified within contractual timelines consistent with the HIPAA 60-day rule.

US Region

US Data Residency

Customer data is processed and stored in US-based cloud regions. Data is not transferred outside the United States without explicit customer consent and appropriate safeguards.

Clickless is designed with HIPAA-aware architecture. We support Business Associate Agreements (BAA) for eligible customers.

What Clickless Does NOT Do

  • Clickless does not diagnose, treat, or recommend clinical care for patients.
  • Clickless does not guarantee your organization's compliance with HIPAA, state privacy laws, or any other regulation.
  • Clickless does not collect or store PHI entered into our public website contact forms.
  • Clickless is not a substitute for qualified legal, compliance, or clinical expertise.
  • Clickless is not a covered entity under HIPAA.

Have a Security Question?

Our team is happy to answer compliance, BAA, and architecture questions before you evaluate Clickless.