ClinicOS ("we", "us", "our") is committed to protecting the privacy of doctors, clinic staff, and patients who use our platform. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It is written in plain language for clarity.
1. Who we are
This service is operated by [Your Registered Business Name], with registered address at [Your Registered Business Address]. You can contact us at support@clinicos.app.
2. Information we collect
- Account data: name, email, phone, clinic name, specialization, and password (hashed).
- Clinic content: services, timings, gallery images, staff, and the public profile you publish.
- Patient records: patient contact details, appointments, prescriptions, lab orders, and invoices you create.
- Payment data: subscription plan, transaction status, and coupon usage. Card and UPI details are handled directly by Razorpay and never stored on our servers.
- Usage data: log-in times, IP address, browser, and pages visited, collected for security and analytics.
- Communications: messages you send us for support.
3. How we use your information
- To provide, maintain, and improve the ClinicOS platform.
- To operate appointment booking, WhatsApp reminders, reviews, and other modules you enable.
- To process subscription payments and issue invoices.
- To detect abuse, prevent fraud, and enforce our Terms.
- To send transactional emails (billing, security, and product notifications).
4. Sharing with third parties
We share limited data only with the service providers that make ClinicOS work:
- Supabase — database and authentication hosting.
- Razorpay — payment processing.
- Resend — transactional email delivery.
- Google Maps — clinic location and reviews.
- WhatsApp Business — appointment messaging when you connect the module.
We do not sell your data or your patients' data to anyone.
5. Data retention
We keep account and clinic data for as long as your account is active. If you delete your account, we remove personal data within 30 days, except where retention is required by law (e.g. tax records, transaction history for up to 8 years as required in India).
6. Your rights
You can, at any time:
- Access, correct, or export the data in your account.
- Ask us to delete your account and associated data.
- Withdraw consent for optional communications.
To exercise these rights, email support@clinicos.app.
7. Security
Data is encrypted in transit (HTTPS/TLS) and at rest. Access is protected by role-based permissions and row-level security. Passwords are hashed with industry-standard algorithms. We follow least-privilege principles for internal access.
8. Cookies
We use only strictly necessary cookies for authentication and session management. We do not use third-party advertising cookies.
9. Children
ClinicOS is intended for licensed medical practitioners and their authorised staff. It is not intended for use by anyone under 18. Patient records created for minors are the responsibility of the treating clinic.
10. Changes to this policy
We may update this policy. We will notify you of material changes via email or an in-app banner at least 7 days before they take effect.
11. Contact
For privacy-related questions, write to support@clinicos.app or [Your Registered Business Address].