Privacy Policy

Last Updated: May 14, 2026

1. Introduction

This Privacy Policy ("Policy") is provided by Clindesk (also known as Clindeskapp) ("Company," "we," "us," or "our"), a product of Phobolytics Technologies Pvt Ltd, and applies to the Clindesk platform, accessible at dashboard.clindeskapp.com, and related services (the "Service"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

This Policy explains how we collect, use, disclose, and otherwise process personal information through the Service. Please read this Policy carefully. By accessing or using Clindesk (dashboard.clindeskapp.com), you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

  • Name, email address, phone number
  • Password and authentication credentials
  • Professional credentials and qualifications
  • Business information and practice details
  • Subscription and billing information

Client/Patient Information:

  • Patient names, contact information, and demographics
  • Medical history and health information
  • Appointment and session notes
  • Billing and payment information
  • Treatment plans and progress notes

Communication:

  • Messages, emails, and support requests you send to us
  • Feedback, reviews, and survey responses
  • Chat logs and communication records

2.2 Information Collected Automatically

Usage Data:

  • Pages visited and features accessed
  • Time and duration of activities
  • Search queries and filters applied
  • Device information and browser type
  • IP address and location data
  • Cookies and similar tracking technologies

Payment Information:

  • Transaction details and payment history
  • Billing addresses and payment methods
  • Razorpay integration data

3. How We Use Your Information

Clindesk uses collected information for:

3.1 Service Delivery

  • Creating and maintaining your account
  • Processing appointments and sessions
  • Managing billing and subscriptions
  • Providing customer support
  • Sending transactional notifications

3.2 Business Operations

  • Analytics and performance monitoring
  • Service improvement and feature development
  • Security and fraud prevention
  • Compliance with legal obligations
  • Audit and internal purposes

3.3 Marketing and Communication

  • Sending promotional emails and notifications (with your consent)
  • Product updates and feature announcements
  • Information about service improvements
  • Responding to inquiries

4. Data Security

4.1 Security Measures

Clindesk implements industry-standard security measures:

  • SSL/TLS encryption for data in transit
  • Secure authentication mechanisms
  • Password hashing and salting
  • Regular security audits and updates
  • Access controls and role-based permissions
  • Secure database encryption

4.2 Data Protection

We maintain appropriate administrative, physical, and technical safeguards to protect your personal information. However, no security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Client/Patient Records: Retained per your retention settings and legal requirements
  • Transaction Records: Retained for 7 years for compliance purposes
  • Usage Logs: Retained for 12 months

You can request data deletion at any time, subject to legal retention requirements.

6. Information Sharing and Disclosure

6.1 Third-Party Services

Clindesk may share information with:

  • Payment Processors: Razorpay for payment processing
  • Analytics Providers: For usage analytics and service improvement
  • Email Service Providers: For communication and notifications
  • Cloud Infrastructure Providers: For data hosting and backup
  • WhatsApp Business: For appointment reminders and notifications

6.2 Legal Requirements

We may disclose information when:

  • Required by law or court order
  • Necessary to enforce our Terms of Service
  • Protecting our rights, privacy, safety, or property
  • Preventing fraud or illegal activity

6.3 Business Transfers

In case of merger, acquisition, or sale of assets by Clindesk or Phobolytics Technologies Pvt Ltd, your information may be transferred as part of that transaction.

7. Your Rights and Choices

7.1 Access and Portability

  • Request access to your personal data
  • Obtain a copy of your data in machine-readable format
  • Download your client/patient records

7.2 Correction and Deletion

  • Update or correct inaccurate information
  • Request deletion of your account and associated data
  • Opt out of marketing communications

7.3 Data Processing Choices

  • Control notification preferences
  • Manage cookie settings
  • Withdraw consent for data processing

To exercise these rights, contact privacy@clindeskapp.com

8. Cookies and Tracking

8.1 Cookie Usage

Clindesk uses cookies for:

  • User authentication and session management
  • Preference storage
  • Analytics and performance monitoring
  • Security and fraud prevention

8.2 Cookie Control

You can control cookie preferences through your browser settings. Disabling cookies may impact platform functionality.

9. Third-Party Links

The Service may contain links to third-party websites. Clindesk is not responsible for their privacy practices. Review their privacy policies independently.

10. Children's Privacy

The Service is not intended for users under 18 years old. We do not knowingly collect information from minors. If we discover such collection, we will delete the information promptly.

11. International Data Transfer

Your information may be processed and stored in countries other than your country of residence. By using the Service, you consent to such transfer, understanding that these countries may have different data protection laws.

12. GDPR and Data Protection Compliance

12.1 GDPR Compliance for EU & UK Practitioners

Clindesk maintains full GDPR-compliant data practices for practitioners in the European Union and United Kingdom. We ensure:

  • Data Minimization: We collect only necessary personal and patient data
  • Purpose Limitation: Data is used only for stated healthcare and operational purposes
  • Storage Limitation: Patient data is retained per your practice requirements and GDPR guidelines
  • Integrity and Confidentiality: AES-256 encryption at rest, TLS 1.3 in transit
  • Accountability: Full audit trails and transparent processing records

12.2 Your GDPR Rights

Under GDPR, EU and UK users have the following rights, which Clindesk fully supports:

  • Right of Access: Request and download all personal and patient data in a structured format
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how your data is used
  • Right to Data Portability: Export your data in machine-readable format for transfer to another platform
  • Right to Object: Opt out of certain processing activities
  • Right Not to Be Subject to Automated Decision-Making: We do not use automated decision-making for healthcare decisions

12.3 Legal Basis for Processing

Clindesk processes personal and patient data based on:

  • Contract Performance: Necessary to deliver the platform and healthcare services
  • Legal Obligation: Compliance with healthcare and data protection regulations
  • Your Explicit Consent: For marketing and optional communications
  • Vital Interests: Protection of patient safety and emergency situations
  • Legitimate Interests: Service security, fraud prevention, and platform improvements

12.4 Data Protection Officer

For GDPR-related inquiries and to exercise your data rights, contact our Data Protection Officer at dpo@clindeskapp.com

13. HIPAA-Aligned Infrastructure for US Practitioners

13.1 HIPAA-Aligned Infrastructure

Clindesk maintains HIPAA-aligned infrastructure and practices specifically designed for US private practices and healthcare providers. Our infrastructure ensures:

  • Encryption Standards: All patient data (PHI - Protected Health Information) is encrypted with AES-256 at rest and TLS 1.3 in transit
  • Access Controls: Role-based access controls (RBAC) ensure only authorized personnel access sensitive patient data
  • Audit Logging: Comprehensive audit trails track all access to patient data, modifications, and user activities
  • Authentication: Secure multi-factor authentication for all user accounts
  • Data Integrity: Safeguards to prevent unauthorized modification or deletion of patient records
  • Incident Response: Dedicated security monitoring and incident response procedures
  • Backup and Disaster Recovery: Regular encrypted backups and disaster recovery protocols
  • Zero Patient Data Sharing: Your patient data is never sold, shared, or used for any purpose beyond delivering the platform

13.2 HIPAA Compliance Responsibility

Important Note: While Clindesk maintains HIPAA-aligned infrastructure and security practices, final HIPAA compliance responsibility lies with covered entities and business associates. Healthcare providers must:

  • Obtain explicit patient consent for data collection and processing
  • Implement organizational policies and training
  • Maintain required privacy and security documentation
  • Conduct regular risk assessments
  • Report security incidents in compliance with the HIPAA Breach Notification Rule
  • Ensure compliance with state and federal healthcare regulations

We recommend consulting with legal and compliance advisors regarding your specific HIPAA obligations and Business Associate Agreement (BAA) requirements.

13.3 Patient Data Security Standards

All patient data on Clindesk is protected with:

  • AES-256 Encryption: Military-grade encryption for data at rest
  • TLS 1.3: Latest secure transmission protocol for data in transit
  • Password Hashing: User passwords are stored using bcrypt hashing
  • Secure Database: Encrypted database with restricted access controls
  • Regular Security Audits: Ongoing vulnerability assessments and penetration testing

14. Changes to This Policy

Clindesk may update this Privacy Policy. Changes will be effective immediately upon posting, with a notice on the platform. Continued use constitutes acceptance.

15. Contact Us

For privacy concerns or data requests, contact:

Clindesk (Clindeskapp)
A product of Phobolytics Technologies Pvt Ltd

Data Protection Officer
Email: dpo@clindeskapp.com


© 2026 Clindesk (Clindeskapp). All rights reserved. Clindesk is a product of Phobolytics Technologies Pvt Ltd.
