Privacy Policy

This policy explains what MediPD App may collect, how it is used, how integrations share data, and what privacy responsibilities clinics should review before launch.

Last updated: May 13, 2026

This page is a product-ready legal template for MediPD App, not legal advice. Have qualified counsel review the final text, your legal entity details, and the selected Global / Other guidance before production launch.

What We Collect

MediPD App may collect account information, clinic details, staff profiles, patient booking information, appointment records, widget chat content, service configuration, subscription data, support messages, audit events, device information, and integration settings.

Clinics should avoid collecting unnecessary clinical details through MediPD App. The default patient-facing flow is intended for administrative booking details, not full medical histories.

Payment card details are handled by the configured payment provider. MediPD App should not store full card numbers or card security codes.

How We Use Information

Information is used to create accounts, authenticate users, run clinic dashboards, manage appointments, provide AI-assisted booking, deliver notifications, maintain subscriptions, send service emails, support integrations, secure the platform, troubleshoot issues, and comply with legal obligations.

Patient information should be used only for clinic-authorized operational purposes and should not be used for unrelated marketing without a valid legal basis and patient permission where required.

AI Processing

When AI booking features are enabled, selected patient messages, clinic configuration, appointment availability, and service context may be sent to configured AI providers to generate booking assistance.

Clinics should avoid collecting unnecessary clinical details through the booking widget and should configure the assistant to escalate sensitive or emergency requests to appropriate clinic channels.

Sharing And Service Providers

MediPD App may share information with infrastructure, database, authentication, email, payment, AI, analytics, security, and integration providers as needed to operate the service.

When clinics configure webhooks, Zapier, SMTP, or other external systems, relevant event data may be sent to those configured destinations.

Cookies, Analytics, And Tracking

MediPD App uses strictly necessary cookies or local storage for security, session, consent, and core application behavior. These are required for the service to function.

Optional functional, analytics, and marketing cookies are used only where configured and permitted by consent or applicable law. See the Cookie Policy for categories, examples, and how to change your choices.

Security And Access Controls

The app uses authentication, role-based access patterns, row-level security policies, audit logging, encrypted secret storage where configured, rate limiting, CAPTCHA options, and administrative controls to reduce privacy and security risk.

Clinics should assign least-privilege staff access, remove former staff promptly, use strong credentials, review integrations, and report suspected incidents quickly.

Retention

Records may be retained while an account is active and as needed for security, billing, support, legal, tax, audit, backup, and dispute-resolution purposes.

Clinics should define their own healthcare record retention rules and export or preserve data before deleting accounts or integrations.

Your Choices And Rights

Depending on location and role, users and patients may have rights to access, correct, delete, export, restrict, or object to processing of personal information.

Patients should usually contact their clinic first for clinical record requests because the clinic controls how patient records are collected and used. MediPD App can support clinics in responding to valid requests where technically possible.

International Transfers

The service may use providers and infrastructure located outside a user's country. Clinics should assess whether cross-border transfers are permitted for their practice and configure vendors accordingly.

Where required, clinics should ensure appropriate contractual, security, and patient-notice measures are in place before using the service with regulated health information.

Contact

Privacy, security, legal, and patient-data questions should be routed to the clinic administrator or the appointed privacy contact for the deployment.

Before production launch, replace placeholder contact details with the official legal entity name, mailing address, support email, privacy contact, and any required data protection officer or representative information.

Global Privacy Note

Privacy obligations depend on where the clinic, patients, vendors, and hosting infrastructure are located. This page is a structured baseline and should be reviewed before production launch.