Ancient logic. Modern clinical systems.

Security & Compliance

Security & Compliance

Independent verification and technical architecture overview for Enki-Clinical.

Architecture

Platform Security Architecture

Hosted behind Cloudflare's global edge network
HTTPS enforced across all endpoints
TLS 1.2 and TLS 1.3 supported
No executable downloads distributed to end users
No background remote code execution on client devices
Static Progressive Web App (PWA) architecture
No third-party script injection
No server-side code execution originating from client devices
Offline-first design using browser-native service workers
Clinical decision-support only — no administrative system access
Verification

Independent Security Verification

A Grade
TLS Configuration — Qualys SSL Labs
Tool: ssllabs.com — Qualys Inc.

Qualys SSL Labs tests the quality of the server's TLS configuration: supported protocol versions, cipher suites, key exchange strength, HSTS headers, and known vulnerabilities. All four Enki-Clinical production servers scored Grade A (assessed 18 Feb 2026).

View SSL Labs Report →
0 / 0 Detections
Malware & Threat Scan — VirusTotal
Tool: virustotal.com — Google LLC

VirusTotal aggregates results from 90+ antivirus engines and URL scanners to detect malicious content, phishing, and drive-by downloads. No security vendor flagged www.enki-clinical.com as malicious at the time of the most recent scan.

View VirusTotal Report →
CRT Transparency
Certificate Transparency Log — crt.sh
Tool: crt.sh — Sectigo / Certificate Transparency

crt.sh is a public Certificate Transparency log search engine that independently records every TLS certificate ever issued for a domain — including issuer, validity period, and domain coverage. This is distinct from SSL Labs, which scores how TLS is configured, not what certificate was issued and when.

View Certificate Log →
Safe Google
Safe Browsing Status — Google Transparency Report
Tool: transparencyreport.google.com — Google LLC

Google's Safe Browsing service checks whether a URL has been flagged for phishing, malware, or unwanted software in Google's threat database, which powers Chrome, Firefox, and Safari browser warnings worldwide. www.enki-clinical.com returns a safe status.

View Google Safety Report →
Privacy

Data & Privacy Statement

  • Enki-Clinical does not transmit patient-identifiable data to any third party.
  • No background analytics are embedded inside clinical application engines.
  • No hidden tracking scripts are present inside core clinical calculation engines.
  • No executable files are distributed to end-user devices.
  • No installation is required beyond standard browser-based access. Applications run entirely within the browser environment.
IT Guidance

For Hospital IT & Security Teams

Access & Network Verification

If network security systems restrict access to Enki-Clinical applications, administrators may review the following independent assessments prior to any access decision:

  • Qualys SSL Labs — Grade A TLS configuration on all production servers
  • VirusTotal — zero detections across 90+ security vendors
  • crt.sh — publicly logged certificate transparency record
  • Google Safe Browsing — no phishing or malware flags
  • Cloudflare TLS enforcement — HTTPS mandatory on all endpoints
  • Static client-side PWA — no server execution from client devices

If required, the following wildcard domain may be allowlisted:

*.enki-clinical.com