Privacy policy

Draft for legal review — not finalized legal advice. Have qualified counsel review before launch.

Who we are (data controller)

DigiClinic is operated by Digizoom. For questions about your data or to exercise your rights, contact us at hello@digiclinic.app. For clinics using DigiClinic, the clinic is the data controller for its patients' data and DigiClinic acts as a data processor under a data-processing agreement.

What we collect

Account and clinic details you provide at signup (name, email, phone, clinic name, country), billing information processed by our payment provider (Stripe — we never store card numbers), and the operational data you enter into the product. On the marketing site we use privacy-friendly, cookieless analytics.

How we use it

To provide and operate the service, process your subscription, provide support, and improve the product. We do not sell personal data.

Legal bases (GDPR)

Performance of a contract (providing the service), legitimate interests (securing and improving the service), consent (non-essential analytics/marketing, where applicable), and legal obligations.

Data residency

Personal and clinical data is hosted in the European Union. Clinical notes and images are encrypted at rest and are never served from public links.

Sub-processors

We use a small number of vetted sub-processors (e.g. cloud hosting and Stripe for payments). A current list is available on request.

Retention

We keep account and operational data for as long as your account is active and as required to comply with legal obligations, then delete or anonymise it.

Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to processing. Contact hello@digiclinic.app.

Changes

We may update this policy; material changes will be communicated through the service or by email.

Privacy policy · DigiClinic