Privacy Policy
Effective date: 2026-06-25
Last updated: 2026-06-25
This Privacy Policy describes how UseClinicConnect (“we”, “us”, “our”) collects, uses, shares, and protects information in connection with our website, product, and related services. This page is for transparency only and is not legal advice.
1) Who we are & how to contact us
Entity: UseClinicConnect
Privacy inquiries: privacy@useclinicconnect.com
General support: support@useclinicconnect.com
Address: Calicut, Kerala, India
2) Scope & roles
- Website & marketing data: We act as a data controller.
- Clinic workspace data (patients, prescriptions, pharmacy, etc.): Your clinic is the data controller; we act as a data processor for our SaaS offering.
- Self-hosted / Full-ownership customers: You control your own data on your infrastructure. This policy then primarily covers our website and support interactions with you.
3) Who owns patient & clinic data
- Your clinic owns the data. Patient records, prescriptions, pharmacy transactions, appointments, bills, documents, and other workspace data entered by you or your staff belong to your clinic—not UseClinicConnect.
- We do not claim ownership of Customer Data (as defined in our Terms of Service).
- For SaaS, we process Customer Data only to provide, secure, and improve the Services under your instructions and applicable law.
- You are responsible for determining what data to collect, lawful bases, patient notices, and consents required for your practice.
- We may use aggregated or de-identified data that cannot reasonably identify individuals or your clinic to improve reliability and product design.
4) Information we collect
- Contact & account data: name, clinic, phone, email, messages submitted via forms or support.
- Workspace/Clinic data (SaaS): patient demographics, appointments, tokens, prescriptions, pharmacy transactions, refunds, documents, audit logs—entered by your users.
- Usage & device data: IP address, browser type, pages viewed, timestamps, diagnostic logs.
- Cookies & similar technologies: see Cookies below.
5) How we use information
- Provide and improve the service; set up tenants and user accounts.
- Send service communications (e.g., onboarding, incidents, updates).
- Respond to demos, support, and privacy requests; operate our website.
- Security, fraud prevention, and compliance with law.
- Optional features you enable (e.g., AI-assisted notes, WhatsApp onboarding) with your consent.
6) Legal bases
We rely on one or more of the following: performance of a contract, consent, legitimate interests (e.g., security, product improvement), and legal obligation.
7) Sharing & subprocessors
We don’t sell personal data. We use trusted vendors to run our service, for example:
- Hosting/Infrastructure: e.g., DigitalOcean or equivalent cloud provider.
- Network & DNS security: e.g., Cloudflare/CDN.
- Email: e.g., transactional email provider or SMTP (for demo/alerts/auto-replies).
- Analytics & error reporting: to improve reliability and UX.
We maintain contracts and security reviews with subprocessors and limit access by the principle of least privilege.
8) Security measures
We implement reasonable technical and organizational measures to protect information, including:
- HTTPS: Production traffic is served over HTTPS (TLS). HTTP requests are redirected to HTTPS.
- Encryption in transit: Data is encrypted in transit between your browser or client and our servers using industry-standard TLS.
- Access controls: Production access is restricted to authorized personnel on a need-to-know basis.
- Role-based permissions: The application uses role-based access so staff only see features and data appropriate to their role.
- Audit trails: Key actions and login events are logged to support accountability and security monitoring.
- Infrastructure hardening: Network and DNS protection (e.g., Cloudflare) and routine security practices.
See our Security page for more detail. No system is perfectly secure; you also share responsibility for account security and lawful use.
9) Data backups
- Production databases for SaaS customers are backed up on a daily schedule.
- Backups are stored with access controls and used for recovery from accidental loss, corruption, or infrastructure failure.
- Backups are retained on a rolling schedule and purged after a defined retention window.
- Backups are part of our disaster-recovery approach; they are not a substitute for exports you maintain for your own records.
10) Data retention & deletion
- Website & contact data: retained as needed to respond to inquiries, provide support, and maintain business records.
- Clinic workspace data (active SaaS): retained for the duration of your subscription while your account is active.
- Deletion requests: For workspace data, contact your clinic administrator first (they are the data controller). We will support verified deletion requests from the controller. Deletion from live systems may not immediately remove all copies from backups until those backups age out per our rolling schedule.
- Logs: Limited technical, security, and audit logs may be retained for security, troubleshooting, and legal/accounting obligations.
- Legal holds: We may retain data longer where required by law or to resolve disputes.
11) When you stop using the service
If you cancel your subscription or otherwise stop using the SaaS Services:
- Data export: You may request an export of your clinic workspace data by contacting privacy@useclinicconnect.com or support before or shortly after closure. We recommend exporting data regularly during active use.
- Export window: Export requests are typically honored within 30 days after termination, unless a different period is stated in your agreement.
- Retention after closure: After the export window, we may delete Customer Data from active systems. Residual copies may remain in backups for a limited period before automatic purge.
- Reactivation: Once deletion is complete, data may not be recoverable. Contact us promptly if you need an export.
- Full-ownership / self-hosted: Data remains on your infrastructure under your control; contact us only regarding data we hold from support or billing interactions.
12) International transfers
Data may be processed outside your state or country by vetted vendors subject to appropriate safeguards and contracts.
13) Your rights
You may have rights such as access, correction, deletion, and withdrawal of consent for optional features. For clinic workspace data, please contact your clinic administrator first (they are the controller); we will support them in fulfilling requests. For website, contact, or privacy-related requests, email privacy@useclinicconnect.com.
14) Children’s data
Our website is not directed to children. Clinics may process minor patient data under applicable laws and their own policies.
15) Cookies & similar technologies
We use cookies and similar technologies on our website and application. These may include:
- Essential cookies: Required for login, session management, security (e.g., CSRF protection), and core functionality. These cannot be disabled without affecting how the Services work.
- Preference cookies: Remember settings such as language or UI preferences where applicable.
- Analytics cookies: Help us understand usage patterns, improve reliability, and measure performance. These may be provided by us or third-party analytics tools.
You can control or delete cookies through your browser settings. Blocking essential cookies may prevent you from logging in or using certain features. Where required by law, we will obtain consent before placing non-essential cookies.
16) Beta / early-access features
Features marked “Beta” or “Early Access” are optional and may change. Enable them only if suitable for your workflows.
17) Changes to this policy
We may update this Privacy Policy from time to time. We will update the Last updated date at the top of this page. For material changes, we will provide additional notice (e.g., by email or in-app notice) where appropriate. The Effective date indicates when the current version took effect.
18) Grievance & privacy contact
For privacy questions, data requests, or grievances relating to this policy:
Privacy contact:
privacy@useclinicconnect.com
Address: Calicut, Kerala, India