Privacy Policy

D. Clinic (“we”, “us”, or “our”) provides clinic management software that helps medical clinics in Nepal manage appointments, patient records, prescriptions, billing and related operations (the “Service”). This Privacy Policy explains how we collect, use, store, share and protect information when you use the Service. By creating an account or using D. Clinic, you agree to the practices described here. If you do not agree, please do not use the Service.

• Account information — clinic name, your name, email address, phone number and login credentials.
• Clinic & staff information — details of doctors, staff and the services your clinic offers.
• Patient information — entered by you or your staff, including names, contact details, demographics and medical records (see Section 4).
• Billing & payment information — invoices, receipts, amounts and payment status. Card details, where applicable, are handled by our payment processors.
• Usage & technical data — log data, device and browser type, IP address and how you interact with the Service.

• Provide, operate and maintain the Service and its features.
• Process appointments, records, prescriptions, billing and SMS reminders on your instruction.
• Authenticate users and protect accounts against unauthorised access.
• Provide customer support and respond to your requests.
• Send important service notices, updates and (where permitted) product information.
• Analyse usage to improve reliability, security and the user experience.
• Comply with legal obligations applicable in Nepal.

Patient health information you store in D. Clinic belongs to your clinic. Your clinic is the data controller and D. Clinic acts as a data processor — we process it only to provide the Service and only on your instructions. We do not sell patient data, and we do not use patient health information for advertising. It is your responsibility, as the clinic, to obtain any required patient consent and to use the Service in line with applicable medical and privacy laws.

We process personal data where it is necessary to perform our contract with you, where you have given consent, where we have a legitimate interest in operating and securing the Service, or where we are required to do so by law. You may withdraw consent at any time by contacting us, though this may affect your ability to use certain features.

We do not sell your data. We may share information only in these limited situations:

• Service providers — trusted vendors who help us operate the Service (hosting, SMS delivery, payment processing), bound by confidentiality and data-protection obligations.
• Within your clinic — with the team members you authorise, according to the access roles you assign.
• Legal requirements — when required by valid legal process or to protect rights, safety and the integrity of the Service.
• Business transfers — in connection with a merger, acquisition or sale of assets, with continued protection of your data.

• Encryption of data in transit and at rest.
• Role-based access controls so users see only what they are authorised to.
• Regular, encrypted backups to prevent data loss.
• Monitoring and access logging to detect and respond to unusual activity.

No system can be guaranteed completely secure, but we work continuously to protect your information and to notify you promptly of any breach affecting your data.

We retain your data for as long as your account is active and as needed to provide the Service. If you close your account, we will delete or anonymise your data within a reasonable period, except where we must retain certain records to comply with legal, accounting or regulatory obligations. You may request an export of your clinic's data before closing your account.

We use essential cookies to keep you signed in and to keep the Service secure, and limited analytics cookies to understand how the Service is used so we can improve it. You can control cookies through your browser settings, though disabling essential cookies may affect functionality.

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, where appropriate.
• Object to or restrict certain processing.
• Request a copy of your data in a portable format.

To exercise any of these rights, contact us using the details below. We will respond within a reasonable timeframe.

The Service is intended for use by clinics and their staff, not by children directly. Where a clinic stores records for patients who are minors, it does so under its own responsibility and with appropriate consent from a parent or guardian as required by law.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you within the Service. Continued use after changes take effect means you accept the updated policy.