Privacy Policy

Last updated: March 29, 2026

1. Introduction

Doctor's Clinic (“we”, “us”) provides an online service for clinics to manage operations, scheduling, clinical workflows, and related business data — with each clinic’s information kept separate from others. We process personal data as described here and in agreements you enter with us (including Terms of Service and, where offered, a Data Processing Agreement or Business Associate Agreement).

2. Who is responsible?

Depending on your location and role, your clinic or organization is typically the controller of patient and staff data you enter. Doctor's Clinic generally acts as a processor (or “service provider”) on your instructions to provide the service. For account and billing data about clinic administrators, we may act as controller for core account operations.

3. Categories of data

Depending on how you use the product, we may process:

  • Identity & account: name, email, securely stored sign-in credentials, role, clinic affiliation.
  • Patient & clinical: demographics, MRNs, appointments, visit records, prescriptions, notes, and other chart-related fields you choose to store.
  • Operational: inventory, invoices, support messages, and activity records such as timestamps where needed for accountability.
  • Technical: data needed to keep you signed in, limited network information in service logs where enabled for security, and diagnostics needed to operate and protect the service.

4. Purposes and legal bases (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we rely on appropriate bases such as:

  • Contract — providing Doctor's Clinic under our Terms.
  • Legitimate interests — securing the platform, preventing abuse, and improving reliability (balanced against your rights).
  • Legal obligation — where required by law.
  • Where health data is special-category data under GDPR Article 9, your organization’s lawful basis (e.g. healthcare provision or explicit consent) applies to data you enter; we process it only as instructed and under a suitable agreement where required.

5. HIPAA and protected health information (PHI)

U.S. healthcare providers and many of their vendors must comply with the Health Insurance Portability and Accountability Act (HIPAA). When your organization uses Doctor's Clinic with electronic protected health information (ePHI), you are typically the covered entity or business associate, and you are responsible for compliance with the HIPAA Privacy, Security, and Breach Notification Rules in how you configure and use the product.

Where Doctor's Clinic meets the definition of a business associate for your use case, we can provide a Business Associate Agreement (BAA) that supplements our Terms. Contact us at contact@doctorsclinic.services to request a BAA or to discuss your deployment model.

Technical and organizational measures we employ are summarized on our Trust & compliance page. They do not replace your own risk analysis, workforce training, or policies.

6. Security

We implement industry-standard safeguards appropriate to an online healthcare service, including keeping each clinic’s data separate, access controls for staff accounts, encrypted connections in production, and protected passwords. Details may evolve; see the compliance page for a current overview.

7. Retention

We retain data while your account is active and for a limited period afterward for backup, legal, and dispute-resolution purposes, unless a longer period is required by law or contract. Specific retention periods for certain records may be configurable or governed by your organization’s policies.

8. Your rights (GDPR & similar laws)

Subject to applicable law, you may have the right to:

  • Access, rectify, or erase personal data we hold about you;
  • Restrict or object to certain processing;
  • Data portability where processing is based on contract or consent and is automated;
  • Withdraw consent where processing was consent-based;
  • Lodge a complaint with a supervisory authority.

For requests, contact contact@doctorsclinic.services. We may need to verify your identity. If data is controlled by your clinic (e.g. a patient record), we may direct you to that organization.

9. International transfers

Our infrastructure may process data in jurisdictions where our hosting providers operate. Where GDPR applies, we use appropriate safeguards (such as Standard Contractual Clauses) when transferring personal data outside the EEA, UK, or Switzerland, as required.

10. Cookies and similar technologies

We use cookies and similar mechanisms necessary for authentication, security, and preferences (e.g. theme). We do not use third-party advertising cookies in the clinic product. Analytics, if introduced, will be described here with consent mechanisms where required.

11. Partners who host or support the service

We use trusted hosting and service partners to run Doctor's Clinic. A current list is available on request and may be updated; we will notify customers of material changes where our agreements require it.

12. Children

The service is intended for professional healthcare use. It is not directed at children for direct sign-up. Patient records about minors may be entered by the clinic where permitted by law and policy.

13. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and adjust the “Last updated” date. Continued use after changes constitutes notice where permitted by law; material changes may require additional steps under GDPR or contract.

14. Contact

Questions about this policy: contact@doctorsclinic.services. For GDPR-related requests, you may also contact your clinic as controller where they hold the underlying record.