C1
CLINICONE
Legal

Privacy Policy

Your privacy matters. Learn how we collect, use, and protect your data.

Last Updated: February 2026

1. Introduction

ClinicOne ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share information when you use our clinic management platform ("Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you register, we collect:

  • Full name (first and last name)
  • Email address
  • Phone number (optional)
  • Clinic name and details
  • Password (stored in hashed form)

2.2 Clinic and Patient Data

When using the Service, your clinic may enter:

  • Patient records (names, contact info, medical history)
  • Appointment schedules
  • Billing and payment information
  • Medical notes and documents
  • Staff information and schedules

Important: Patient health data entered by clinics is processed by ClinicOne on behalf of the clinic. The clinic is the data controller for patient data, and ClinicOne acts as a data processor.

2.3 Usage Data

We automatically collect:

  • Browser type and version
  • Device information
  • IP address
  • Pages visited and features used
  • Date and time of access
  • Error logs for troubleshooting

2.4 Cookies and Tracking

We use essential cookies for session management and authentication. We do not use third-party advertising cookies. Analytics cookies are optional and can be disabled in your browser settings.

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Operating and maintaining the platform, processing your requests.
  • Improve the Service: Analyzing usage patterns to enhance features and performance.
  • Communication: Sending service updates, security alerts, and support messages.
  • Security: Detecting and preventing fraud, abuse, and security incidents.
  • Compliance: Meeting legal obligations and resolving disputes.

We do not use your data for advertising purposes. We do not sell your personal information to third parties.

4. Data Storage and Security

4.1 Data Location

Your data is stored on secure servers. We use industry-standard cloud infrastructure with multiple layers of physical and digital security.

4.2 Security Measures

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access Control: Role-based access control ensures only authorized personnel can access data.
  • Multi-Tenant Isolation: Each clinic's data is logically isolated from other clinics.
  • Backups: Automated daily backups with point-in-time recovery capability.
  • Monitoring: 24/7 security monitoring and incident response procedures.
  • Password Security: Passwords are hashed using bcrypt with appropriate salt rounds.

4.3 Data Retention

We retain your data for as long as your account is active. Upon account termination:

  • You have 30 days to export your data.
  • After 30 days, all data is permanently deleted from our primary systems.
  • Backup copies may persist for up to 90 days before automatic deletion.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

  • Service Providers: With trusted third-party services that help us operate (hosting, email delivery, SMS services). These providers are bound by data processing agreements.
  • Legal Requirements: When required by law, regulation, or legal process.
  • Safety: To protect the rights, property, or safety of ClinicOne, our users, or the public.
  • Business Transfer: In connection with a merger, acquisition, or sale of assets, with advance notice to affected users.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Export: Request your data in a machine-readable format (data portability).
  • Objection: Object to processing of your personal data for certain purposes.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, please contact us at [email protected].

7. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

8. International Data Transfers

Your data may be processed in servers located in different regions. We ensure that any international data transfers comply with applicable data protection laws and maintain adequate security measures.

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last Updated" date at the top indicates the most recent revision.

11. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us:

Privacy Policy — ClinicOne