Privacy Policy
Last updated: April 2026
This policy explains what ClinicPro collects, why, and how we protect it. We designed our data model specifically so clinics can't see each other's records — patient privacy is non-negotiable.
Privacy at a glance
- Per-clinic isolation: Row-level security makes cross-clinic access impossible.
- No ad tracking: We don't sell, share, or monetise your data.
- Encryption in transit: All traffic is HTTPS-only.
- You own your data: Export or delete your clinic's data any time.
1. What we collect
- Account data: your name, email, and password hash.
- Clinic data: patient names, phone numbers, national IDs (if you enter them), visit dates, prices, and any clinical notes you type.
- Usage data: anonymised audit logs recording who performed which action, to help you debug staff actions later.
2. Why we collect it
We collect only what's needed to provide the Service: authenticate you, render your clinic's dashboard, bill the correct plan, and help you audit staff activity. We do not build ad-targeting profiles, and we do not share identifiable data with third parties.
3. Where it lives
Your data is stored on Supabase-managed PostgreSQL with row-level security enforced at the database layer. The database runs in a regional data centre and is backed up automatically. Service role keys used by our API routes live only on the server and never reach the browser.
4. Who can see it
Only accounts belonging to your clinic can see your clinic's data. Our staff can access aggregated, non-patient metadata for debugging (e.g. account count per clinic) but do not view patient records except when you explicitly request support and grant access.
5. Cookies
We use strictly-necessary cookies to keep you signed in. We do not use advertising or analytics cookies. You can clear cookies at any time — you'll simply need to sign in again.
6. Your rights
You can export your clinic's data from the Doctor dashboard at any time. You can request deletion of your account by writing to hello@clinicpro.app; we'll permanently remove your records within 30 days except where retention is legally required.
7. Children's data
ClinicPro is intended for licensed medical professionals. Paediatric patient records are medical data treated under the same strict isolation as all other records. We do not knowingly collect personal data from children who are not clinic patients.
8. Security incidents
If we become aware of a security incident that affects your data, we will notify affected clinics within 72 hours of confirmation and describe what happened, what data was involved, and the steps we have taken.
9. Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced in-app at least 14 days before they take effect.
10. Contact
Questions about privacy? Write to hello@clinicpro.app and a founder will respond personally.