Security
Controls that protect accounts and clinical data
Endora applies practice separation and backend access controls. This page describes real practices without claiming certifications the product does not hold.
Account access
Access requires an authenticated account. Sessions, permissions and account states are validated by the Endora API.
Passwords should not be shared, and each person should use separate credentials.
Practice isolation
Endora is multi-tenant: patients, appointments, treatments, images, reports and other operational data belong to a specific practice.
Protected queries are scoped to the tenant, while platform administration remains separate from practice roles.
Private clinical files
Clinical images and PDFs are stored as private objects; the database keeps their metadata and relationship to the case.
Downloads and shared links must use authorized routes or temporary, revocable mechanisms.
Transport and operations
- The public website and application use HTTPS.
- Production includes operational backup and restoration procedures.
- Security headers restrict framing, MIME sniffing and browser permissions.
- Endora does not currently claim security or compliance certifications that have not been formally obtained.
Explore Endora with one account and choose the plan that fits your practice later.
Create account