Built for Africa · NDPA 2023 compliant

One identity.
One audit trail.
One record.

Most healthcare software re-implements auth, audit, and records in every product. Fastclinic puts them under every product — so each new app inherits identity, a hash-chained audit trail, and a patient-controlled record system by default, not by integration.

Request a Demo Explore the Platform
NDPA 2023 compliantAfrican data residency7-yr WORM audit · AES-256-GCM envelope
AES-256-GCMNDPA 2023FHIR R4OAuth2 / OIDCEd25519WebAuthnHash-chained auditPer-record envelope encryptionOry KratosOry HydraWORM retentionConsent-scoped accessAES-256-GCMNDPA 2023FHIR R4OAuth2 / OIDCEd25519WebAuthnHash-chained auditPer-record envelope encryptionOry KratosOry HydraWORM retentionConsent-scoped access
Built on
NDPA 2023Nigeria Data Protection Act
NDPR-alignedNigeria Data Protection Regulation
FHIR R4HL7 standard health records
OAuth2 / OIDCStandards-based identity
AES-256-GCMPer-record envelope encryption
Platform

Four products. One platform underneath.

Every Fastclinic product is built on a shared foundation — one identity, one currency, one record system. You don’t stitch them together. We did.

01 / 04

FastLogin

Identity

The identity layer of the Fastclinic ecosystem. One account, one login, every product. Secure, multi-factor authentication with built-in provider verification.

  • OAuth 2.0 / OIDC
  • WebAuthn + TOTP
  • KYC-verified providers

Inherits: the foundation everything else builds on

Explore FastLogin
02 / 04

FastCredits

Ledger

The universal currency of the Fastclinic ecosystem. Purchase credits once and spend them across any product — simplified billing, complete flexibility.

  • Hold / capture / release
  • Idempotent charges
  • Credits never expire

Inherits: identity

Explore FastCredits
03 / 04

OneHealth

Records

Secure, consent-based platform for storing and sharing Protected Health Information. Metered and timed access with full regulatory compliance.

  • Per-record AES-256-GCM
  • Hash-chained audit
  • 7-yr WORM retention

Inherits: identity, ledger

Explore OneHealth
04 / 04

Doorcta

Telehealth

On-demand doctor matching that connects patients with qualified doctors in under 30 seconds, powered by responsible AI.

  • Sub-30s match
  • Video / voice / chat
  • Human-in-the-loop AI

Inherits: identity, ledger, records

Explore Doorcta
See all solutions

What is shipped

The receipts.

AES-256

per-record envelope encryption

Every record has its own DEK · GCM mode

7 yr

tamper-evident audit retention

Hash-chained · WORM export daily

FHIR R4

standard record export

Patient · Observation · Consent · Provenance

Ed25519

signed on every DSAR

Detached manifest · verifiable with a public key

48 h

erasure cool-off window

NDPA-aligned reversibility window

18 ctry

ID database validation

NIN · BVN · CURP · DNI — powered by Didit

Every line on this grid maps to a merged subsystem. Ask for the commit hash.

The Stack

One platform. Four layers. All yours.

Every product you see — and every product we ship next — rides on the same three foundation layers. That is the bet.

Layer 04

Products

Layer 03

OneHealth

Layer 02

FastCredits

Layer 01

FastLogin

bottom → foundation · top → product surfaces

Products

Layer 04

Doorcta today. EMR, lab, pharmacy tomorrow. Every new surface plugs into the same three layers below.

DOORCTAEMR · LAB · PHARMACY · ROADMAP

OneHealth

Layer 03

Records layer. Per-record AES-256-GCM envelope encryption. Patient-granted, time-boxed access. Hash-chained audit of every read.

RECORDS APICONSENT ENGINEFHIR R4 DSAR

FastCredits

Layer 02

Currency layer. Auto-created with your FastLogin account. Hold / capture / release semantics power every metered action.

SINGLE BALANCEIDEMPOTENT LEDGERORG ACCOUNTS

FastLogin

Layer 01

Identity foundation. Ory Kratos + Hydra. Passkey, TOTP, backup codes. KYC-verified provider credentials. OAuth2 into everything above.

OAUTH 2.0 / OIDCWEBAUTHN + TOTPKYC-VERIFIED
See how the layers connect
How it works

From assessment to scale in four steps.

Getting onto Fastclinic is straightforward. Here is how we partner with healthcare organisations.

01

Step 01

Assess

We analyse your workflows, regulatory profile, and infrastructure to identify the right combination of Fastclinic products.

02

Step 02

Choose

Start with the surfaces you need — Doorcta, OneHealth, FastCredits — connected through a single FastLogin identity.

03

Step 03

Implement

Our team handles deployment, data migration, integration, and staff training with a proven five-phase rollout.

04

Step 04

Scale

Add facilities, onboard more providers, and expand regions — on one platform, one identity, one ledger.

See it in action

Three surfaces. One ecosystem.

Illustrative mockups of the experiences we are designing. Same identity, same ledger, same audit chain — different audiences.

Your health, on your terms. Book, pay with credits, and decide who sees what.

patient.fastclinic.xyz
2 active grants

Good morning

Chiamaka Okafor

FastCredits

340.00

Next consultation

Dr. A. Adebayo — Cardiology

Tomorrow · 09:30 · Video consultation

Heart rate

72bpm

Blood pressure

118/76

Status

Stable

Active access grants
  • Dr. Ahmad29d left
  • LifeLabs Diagnostics7d left

Recent records

  • Consultation — Dr. A. Adebayo

    14 Apr 2026

    General

  • Lab panel — Full metabolic

    02 Apr 2026

    Lab

  • Prescription — Lisinopril 10mg

    01 Apr 2026

    Rx

Dr. Adebayo shared a pre-consultation note. Open before your appointment.

Developers

Three products. One OAuth2 flow.

Sign users in with FastLogin. Get an access token. Use it everywhere — to check their FastCredits balance, to open a metered OneHealth session, to export a FHIR R4 bundle. No per-product auth theatre.

  • Standards-based OAuth2 / OIDC — not a bespoke scheme
  • Idempotency keys on every state-changing call
  • Signed Ed25519 manifests on every DSAR export
  • JWKS with a 5-min in-memory cache on the resource side
Read the developer docs
fastlogin.http
1# 1. Redirect the user
2GET https://login.fastclinic.xyz/oauth2/auth
3  ?client_id=your_app
4  &scope=openid%20profile%20credits.read%20phi.read
5  &response_type=code
6  &code_challenge_method=S256
 
8# 2. Exchange code for tokens
9POST /oauth2/token
10  grant_type=authorization_code
11  code_verifier=<pkce_verifier>
 
13-> 200 { access_token, id_token, refresh_token }
14   access_token: 15 min · refresh rotates every use
httpillustrative · not a live endpoint

FastCredits

One Currency. Every Product.

FastCredits is the universal currency of the Fastclinic ecosystem. Linked to your FastLogin identity, your credit balance travels with you across every product — simplified billing, complete flexibility.

Buy once, use everywhere

A single credit balance powers every Fastclinic product — Doorcta, OneHealth, and more.

Linked to your identity

Your FastCredits account is created automatically with your FastLogin account. One identity, one balance.

Volume discounts

The more credits you purchase, the lower your effective cost per unit.

Credits never expire

Your investment is protected — use credits on your own timeline.

Learn more about FastCredits
Who this is for

Three people. The same infrastructure.

Fastclinic is designed so patients, providers, and developers all get the same underlying guarantees — just through different surfaces.

Patient

  1. 1

    Grant access

    Chiamaka allows Dr. Adebayo to view her records for 30 days.

  2. 2

    Stay informed

    Every view is logged. She can inspect the audit trail at any time.

  3. 3

    Auto-expire

    30 days later, access revokes — no action required.

See the flow

Provider

  1. 1

    Open a session

    Dr. Adebayo starts a consent-gated session; FastCredits holds 10 credits.

  2. 2

    Read what is needed

    Each record opened is scoped, timestamped, and hash-chained.

  3. 3

    Close the session

    Actual usage is captured; the rest is released back to the balance.

See the flow

Developer

  1. 1

    Sign in users

    Register an OAuth2 client; redirect to FastLogin; receive tokens.

  2. 2

    Use one token

    Same access token reads balances, starts sessions, and exports records.

  3. 3

    Ship faster

    No bespoke auth, no per-vendor billing plumbing, no audit glue.

See the flow
DSAR export

Your records. Actually yours.

File a Data Subject Access Request and receive a signed, encrypted, standards-compliant archive — not a dump, not a screenshot, not a 90-day wait.

~/downloads/
11 files · 2.4 MB
  • patient-dsar-2026-04-23.zip
  • manifest.json
  • manifest.json.sig
  • fhir/
  • patient.ndjson
  • observation.ndjson
  • consent.ndjson
  • provenance.ndjson
  • audit-event.ndjson
  • documents/
  • consultation-notes.pdf.enc
  • README.txt

Signature · verified

Manifest signed with the OneHealth DSAR service key.

algo ed25519
sig 2f7a9c1e…8b1d4f09
issuer onehealth.dsar.v1

Per-document encryption

Every attached document carries its own AES-256-GCM key. Losing one key does not compromise the rest.

FHIR R4 · not a proprietary dump

Records ship as HL7 FHIR R4 resources. Any FHIR-aware system can read them — including yours.

Why Fastclinic

Built Different. Built Better.

Fastclinic isn't just another vendor. We're a platform company purpose-built for the complexities of modern healthcare delivery.

Integrated Platform

Every product shares one identity (FastLogin), one currency (FastCredits), and one health record system (OneHealth). No fragmentation, no vendor sprawl.

Built for Africa

Designed for the realities of African healthcare — intermittent connectivity, local regulations, and diverse facility types from rural clinics to teaching hospitals.

Enterprise-Grade Security

Encryption at rest and in transit, role-based access controls, audit logging, and full compliance with Nigeria's Data Protection Act.

Responsible AI

AI that augments clinicians, never replaces them. Built with bias testing, transparency, human oversight, and patient safety guardrails.

Promise

Fastclinic is S.A.F.E.

Four promises. Plain English. No fine print.

SSecure

Your records, locked by default.

  • Encrypted by default
  • NDPA 2023 compliant
  • Hosted in Africa

AAccountable

Every action leaves a receipt.

  • Every read is logged
  • Records kept 7 years
  • Nothing changes quietly

FFair

Credits make pricing transparent. No hidden fees.

  • Every charge itemized
  • Credits never expire
  • One balance, every product

EEmpowering

Your records, your call.

  • Grant access in seconds
  • Revoke anytime
  • Take your data with you
Integrations

The ecosystem we stand on

Fastclinic is built on named, battle-tested infrastructure. Not a proprietary black box.

O

Ory Kratos

Identity

O

Ory Hydra

OAuth2 / OIDC

P

Paystack

Payments

D

Didit

KYC / AML

H

HashiCorp Vault

KMS

P

PostgreSQL

Datastore

R

Redis

Cache

A

AWS S3

WORM audit

F

FHIR R4

HL7 standard

R

Resend

Transactional email

W

WebAuthn

Passkey MFA

E

Ed25519

DSAR signing

O

Ory Kratos

Identity

O

Ory Hydra

OAuth2 / OIDC

P

Paystack

Payments

D

Didit

KYC / AML

H

HashiCorp Vault

KMS

P

PostgreSQL

Datastore

R

Redis

Cache

A

AWS S3

WORM audit

F

FHIR R4

HL7 standard

R

Resend

Transactional email

W

WebAuthn

Passkey MFA

E

Ed25519

DSAR signing

Why integrated

The fragmented stack has a cost.

Most healthcare organisations buy five or six point solutions and spend the next two years gluing them together. Fastclinic is what you get when identity, billing, and records were designed together on day one.

Dimension
The fragmented stack
Fastclinic
User identity
Separate login per vendor. Passwords reset monthly.
One FastLogin account. OAuth2 into every product.
Billing
N invoices, N procurement cycles, N reconciliations.
One FastCredits balance. Hold / capture / refund everywhere.
Patient records
Records trapped inside each vendor’s system.
OneHealth stores records once; products request access.
Consent
Paper forms, per-vendor toggles, no revocation trail.
Patient-granted, time-boxed, revocable — audited per read.
Audit trail
N separate logs. Export to reconcile. Writable in place.
One hash-chained, append-only log. WORM export daily.
Data subject requests
Email, screenshot, wait weeks, incomplete export.
Signed FHIR R4 ZIP, delivered inside the statutory window.
Integration
Custom per vendor. Each auth flow is bespoke.
Same OAuth2 / OIDC shape across every product.
Security

Security you can verify, not just trust.

Every claim on this page maps to a shipped subsystem with a real interface, a real schema, and a real audit line. Here are the six that matter most.

Per-record envelope encryption

Every record has its own AES-256-GCM data encryption key. The DEK is sealed with a KMS-held master key. Compromising one record does not cascade.

Hash-chained audit log

Every audit event includes the hash of the previous event. Append-only at the trigger level. Break the chain and it is cryptographically detectable.

Phishing-resistant MFA

WebAuthn / passkey, TOTP, and one-time backup codes. Mandatory for every account. No SMS fallback to social-engineer around.

Ed25519-signed DSAR exports

Every archive ships with an Ed25519 signature over its manifest. Patients verify integrity with a public key — no trust in us required.

WORM audit retention

Daily audit-root exports land in a write-once, read-many S3 bucket in a separate AWS account. 7-year retention. Independently auditable.

Consent is a first-class object

Access grants are time-boxed, purpose-scoped, and revocable mid-session. Access attempts beyond consent return 403 — not a softer signal.

security.txt · architecture notes · threat model

Read the trust page →

Built in Nigeria

Designed for the regulatory environment we live in.

Fastclinic Limited (RC 1919428) is incorporated in Nigeria and operates in compliance with the Nigeria Data Protection Act 2023. Compliance is not a localisation layer — it is the architecture. NDPA 2023 consent semantics, NDPR retention rules, and the National Health Act sit alongside the schema, not on top of it.

Controller
Fastclinic Limited
RC number
1919428
Compliance
NDPA 2023 · NDPR
Roadmap

Where we are. Where we’re going.

We do not pre-announce. These lanes reflect what is merged, what is actively being built, and what is committed to next.

Shipped
  • FastLogin — identity + OAuth2 + KYC
  • FastCredits — hold/capture ledger
  • OneHealth — records API + documents
  • OneHealth — audit chain + DSAR export
  • OneHealth — emergency access protocol
  • Admin / DPO console — compliance reporting
In development
  • Doorcta — telehealth consultations
  • Doorcta — mobile patient + provider apps
  • OneHealth — TypeScript client SDK
  • Admin — cross-product search
On the roadmap
  • EMR integration surface
  • Pharmacy product
  • Lab / diagnostic results ingestion
  • International expansion
FAQ

Plain answers.

No marketing fog. If the answer changes, we update this section.

Ready to transform your healthcare organization?

See how Fastclinic's integrated platform can modernize your operations, improve patient outcomes, and drive growth.

Request a Demo Contact Sales