Legal

Privacy Policy

Effective date: April 26, 2026

ProClinik Technologies Private Limited (“ProClinik”) is committed to protecting your personal data. This policy explains what we collect, why, and how we protect it.

1. Information We Collect

1.1 Account & Registration Data

When a clinic registers on ProClinik, we collect the clinic name, administrator name, email address, phone number, and a hashed password. We never store passwords in plain text.

1.2 Patient Health Data (PHI)

Clinics may store patient records, clinical notes, prescriptions, and billing information on the platform. This constitutes Protected Health Information (PHI) under applicable law. ProClinik processes this data solely as a data processor on behalf of the clinic (data controller), strictly according to the clinic's instructions and applicable healthcare regulations.

1.3 Usage & Technical Data

We automatically collect log data including IP addresses, browser type, pages visited, session duration, and error reports. This data is used to maintain service reliability and security.

1.4 Payment Data

Subscription payments are processed by Razorpay. ProClinik does not store full card numbers — we receive only a tokenised payment reference and subscription status.

1.5 Cookies & Tracking

We use strictly necessary cookies for session management. Analytics and marketing cookies are deployed only with your explicit consent via our cookie preferences panel. See the Cookie Policy section below.

2. How We Use Your Information

  • To create, manage, and secure your clinic account
  • To provide, maintain, and improve the ProClinik platform
  • To process subscription payments and issue invoices
  • To send transactional emails (receipts, alerts, password resets)
  • To respond to support inquiries
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations under Indian law (IT Act 2000, DPDP Act 2023)

We do not sell, rent, or share your personal data or patient data with third parties for advertising purposes.

3. Data Storage & Security

All data is stored encrypted at rest (AES-256) and in transit (TLS 1.2+). Patient files are encrypted at the object level before storage. Access is strictly controlled via multi-tenant schema isolation and role-based access controls.

We maintain audit logs of all data access and modifications. Our infrastructure is hosted in data centres compliant with CERT-In requirements.

In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law within 72 hours of discovery.

4. Data Retention

We retain your account data for the duration of your subscription and for up to 7 years thereafter for legal and regulatory compliance. Patient health records are retained per the clinic's own retention policy and applicable healthcare regulations.

You may request deletion of your account data by contacting us at hq@proclinik.com.

5. Your Rights

Under the Digital Personal Data Protection Act 2023 (DPDP Act) and applicable law, you have the following rights:

  • Access: Request a copy of your personal data we hold
  • Correction: Request correction of inaccurate data
  • Erasure: Request deletion (subject to legal retention requirements)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent for optional processing at any time

To exercise any of these rights, contact us at hq@proclinik.com. We will respond within 30 days.

6. Cookie Policy

We use three categories of cookies:

  • Strictly Necessary: Required for the website to function (session token, CSRF protection, cookie consent record). Cannot be disabled.
  • Analytics: Help us understand how visitors interact with our website (page views, bounce rate). Deployed only with your consent.
  • Marketing: Used to show relevant advertisements on third-party platforms. Deployed only with your explicit consent.

You can manage your cookie preferences at any time via the preferences panel in the footer of our website.

7. Third-Party Services

We integrate with the following third-party services, each governed by their own privacy policy:

  • Razorpay: Payment processing
  • Hetzner Cloud: Infrastructure hosting & encrypted file storage
  • Titan Mail (SMTP): Transactional email delivery

8. Children's Privacy

The ProClinik platform is intended for use by healthcare professionals and clinic administrators. It is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors.

9. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the effective date and notify registered users via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or to exercise your rights, contact our Data Protection Officer:

ProClinik Technologies Private Limited

hq@proclinik.com