Privacy Policy

Effective Date: January 15, 2026

Last Updated: January 15, 2026

ClinicX ("ClinicX," "we," "us," or "our") operates the website https://clinicx.io and provides a HIPAA-compliant healthcare software platform for clinics and healthcare professionals (the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect personal data and health information when you use ClinicX.

ClinicX is designed for healthcare professionals and clinics and follows HIPAA, GDPR, and industry-standard data protection principles.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you create an account or use the Service:

  • Full name
  • Email address
  • Profile information (such as role or clinic affiliation)
  • Authentication data when signing in using Google OAuth

1.2 Health & Appointment Information

ClinicX processes healthcare-related data strictly on behalf of clinics and authorized healthcare professionals, including:

  • Appointment details (date, time, duration)
  • Scheduling metadata
  • Non-diagnostic administrative notes related to appointments

ClinicX does not provide medical diagnosis or treatment and only processes data required for operational and scheduling purposes.

1.3 Google Calendar Data

If you connect your Google account, ClinicX may access:

  • Google account email and basic profile information
  • List of calendars selected by you
  • Calendar availability (free/busy information)
  • Calendar event details necessary for appointment synchronization

Calendar access is explicitly user-authorized and limited to the scopes approved during Google OAuth consent.

1.4 Automatically Collected Information

We automatically collect:

  • IP address
  • Browser and device information
  • Log data and usage analytics
  • Session identifiers and cookies

2. How We Use Information

ClinicX uses collected data solely to:

  • Provide secure appointment scheduling and calendar synchronization
  • Prevent double-booking and scheduling conflicts
  • Authenticate users and manage accounts
  • Synchronize appointments between ClinicX and connected calendars
  • Maintain platform security, auditability, and compliance
  • Provide customer support and service communications

We do not use personal or calendar data for advertising, profiling, or marketing.

3. Google API Services Compliance

ClinicX's use and transfer of information received from Google APIs fully complies with the Google API Services User Data Policy, including Limited Use requirements.

Specifically:

  • Google Calendar data is used only to enable scheduling and synchronization features requested by the user
  • Data is not sold, rented, or shared with third parties for advertising purposes
  • Data is not used to train AI or machine learning models
  • Access is restricted to the minimum scopes required for core functionality
  • Users may revoke Google access at any time

4. HIPAA Compliance & Protected Health Information (PHI)

ClinicX is a HIPAA-compliant healthcare SaaS platform.

  • ClinicX acts as a Business Associate where applicable
  • All Protected Health Information (PHI) is processed solely on behalf of covered entities (clinics and healthcare providers)
  • PHI is accessed only by authorized users
  • Technical, administrative, and physical safeguards are implemented in accordance with HIPAA Security Rule requirements
  • Business Associate Agreements (BAAs) are available upon request

ClinicX does not sell, monetize, or repurpose PHI.

5. Legal Basis for Processing (GDPR)

For users in the UK and EU, ClinicX processes personal data under the following lawful bases:

  • Consent – when users connect Google accounts or optional integrations
  • Contractual necessity – to provide the ClinicX Service
  • Legal obligation – compliance with healthcare and data protection laws
  • Legitimate interest – platform security, fraud prevention, and service improvement

6. Data Sharing & Disclosure

ClinicX does not sell personal data.

Data may be shared only:

  • With infrastructure providers (secure cloud hosting, encrypted storage)
  • With subprocessors bound by confidentiality and data protection agreements
  • When required by law, court order, or regulatory authority
  • To protect the rights, safety, or security of ClinicX, clinics, or patients

All subprocessors are vetted for HIPAA and GDPR compliance.

7. Data Retention

  • Personal and calendar data is retained only for as long as necessary to provide the Service
  • Calendar access tokens are revoked immediately when a user disconnects Google Calendar
  • Upon account termination, data is securely deleted in accordance with healthcare data retention requirements

8. Cookies & Tracking

ClinicX uses cookies and similar technologies strictly for:

  • Authentication and session management
  • Security and fraud prevention
  • Performance monitoring and reliability

ClinicX does not use third-party advertising cookies.

9. Data Security

ClinicX implements enterprise-grade security measures, including:

  • Encryption in transit and at rest
  • Role-based access control
  • Secure OAuth authentication
  • Audit logging and monitoring
  • Regular security reviews and vulnerability assessments

While no system is completely immune from risk, ClinicX follows industry best practices to protect user data.

10. Your Rights

Depending on jurisdiction, users may have the right to:

  • Access their personal data
  • Request correction of inaccurate information
  • Request deletion of personal data
  • Restrict or object to processing
  • Withdraw consent for integrations
  • File a complaint with a data protection authority

Requests can be made via the contact information below.

11. Children's Privacy

ClinicX is intended for use by licensed healthcare professionals and clinics only.

We do not knowingly collect data from children under the age of 16.

12. International Data Transfers

ClinicX may process data using secure infrastructure located in compliant jurisdictions.

All international data transfers are protected using appropriate safeguards consistent with GDPR and HIPAA requirements.

13. Contact Information

For privacy or data protection inquiries, contact:

ClinicX Privacy Team

Email: support@clinicx.io

Website: https://clinicx.io

14. Changes to This Privacy Policy

ClinicX may update this Privacy Policy from time to time.

Any changes will be published on this page and become effective immediately upon posting.
