This Privacy Policy explains how Clinxra collects, uses, and protects your information when you use our clinical management platform. We are committed to protecting your privacy and maintaining the confidentiality of healthcare information.
1. Introduction
Clinxra ("we," "us," or "our") operates the clinical management platform available at clinxra.com and through our mobile applications (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal information when you use our Service.
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
We collect several types of information from and about users of our Service:
Account Information: Name, email address, phone number, professional credentials, and billing information
Profile Information: Professional details, clinic information, specialization, and license numbers
Authentication Data: Username, password (never stored in plaintext), and security questions and answers
Communication Data: Messages, support requests, and feedback you send to us
2.2 Patient Health Information (PHI)
Healthcare Data:
As a healthcare management platform, Clinxra processes Protected Health Information (PHI) and personal health data that you input into our system, including but not limited to:
Patient demographics and contact information
Medical histories and clinical assessments
Treatment plans and progress notes
Appointment schedules and medical records
Diagnostic information and test results
2.3 Technical Information
Device Information: IP address, browser type, operating system, device identifiers
Usage Data: Pages visited, features used, time spent on the platform, click patterns
Log Data: Server logs, error reports, and performance metrics
Cookies and Tracking: Session cookies, preference cookies, and analytics data
3. How We Use Your Information
3.1 Service Provision
Provide, maintain, and improve our clinical management platform
Process and store patient information as directed by healthcare providers
Enable appointment scheduling and patient management features
Generate reports and clinical documentation
Facilitate communication between healthcare providers and patients
3.2 Account Management
Create and manage user accounts
Authenticate users and ensure account security
Process subscription payments and billing
Provide customer support and technical assistance
3.3 Legal and Compliance
Comply with applicable healthcare regulations and laws
Respond to legal requests and prevent fraud
Maintain audit trails for regulatory compliance
Meet data security and breach notification requirements
4. Legal Basis for Processing (GDPR Compliance)
When applicable, we process personal data based on the following legal grounds:
Contractual Necessity: To perform our contract with you and provide the Service
Legitimate Interest: To improve our services, ensure security, and conduct business operations
Legal Obligation: To comply with healthcare regulations and legal requirements
Consent: Where you have given explicit consent for specific processing activities
Vital Interests: To protect the vital interests of patients in emergency situations
5. Information Sharing and Disclosure
5.1 We Do Not Sell Your Data
We do not sell, trade, or otherwise transfer your personal information or patient health information to third parties for commercial purposes.
5.2 Limited Sharing
We may share information only in the following circumstances:
Service Providers: With trusted third-party vendors who assist in providing our Service (e.g., cloud hosting, payment processing) under strict confidentiality agreements
Legal Requirements: When required by law, court order, or governmental request
Emergency Situations: To protect the health and safety of patients in emergency circumstances
Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
User Direction: When you explicitly authorize us to share information with specific parties
5.3 Healthcare Provider Responsibilities
Healthcare providers using our platform are responsible for:
Obtaining appropriate patient consents for data processing
Ensuring compliance with applicable healthcare privacy laws
Managing access permissions for their staff and associates
Notifying patients about data sharing practices within their organization
6. Data Security
6.1 Technical Safeguards
Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Multi-factor authentication and role-based access controls
Infrastructure: Secure cloud hosting with a provider holding a current SOC 2 Type II report
Monitoring: 24/7 security monitoring and intrusion detection systems
Backup: Regular encrypted backups with geographic distribution
6.2 Administrative Safeguards
Regular security training for all personnel
Background checks for employees with data access
Incident response procedures and breach notification protocols
Regular security audits and vulnerability assessments
6.3 Physical Safeguards
Secure data centers with biometric access controls
Environmental monitoring and protection
Secure disposal of hardware and storage media
7. Data Retention
Data Type | Retention Period | Purpose
Account Information | Duration of subscription + 7 years | Legal compliance and tax records
Patient Health Information | As directed by healthcare provider* | Medical record keeping requirements
Usage Analytics | 2 years | Service improvement and support
Communication Logs | 3 years | Customer support and dispute resolution
Security Logs | 1 year | Security monitoring and compliance
*Healthcare providers are responsible for determining appropriate retention periods for patient data based on applicable medical record laws and professional requirements.
8. Your Rights and Choices
8.1 Access and Control
Access: View and download your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Portability: Export your data in a machine-readable format
Restriction: Limit how we process your information
8.2 Patient Rights
If you are a patient whose information is processed through our platform, you should contact your healthcare provider directly to exercise your rights regarding your health information.
8.3 Communication Preferences
Opt out of non-essential communications
Manage notification preferences
Control marketing communications (we send very limited marketing)
9. International Data Transfers
Our primary servers are located in Jordan. When we transfer data internationally, we ensure appropriate safeguards are in place:
Standard Contractual Clauses for EU data transfers
Adequacy decisions where available
Additional security measures for sensitive health data
Compliance with local data localization requirements
10. Cookies and Tracking Technologies
10.1 Types of Cookies
Essential Cookies: Required for platform functionality
Performance Cookies: Help us improve our services
Functional Cookies: Remember your preferences
Analytics Cookies: Understand how users interact with our platform
10.2 Cookie Management
You can control cookies through your browser settings. However, disabling certain cookies may limit functionality of our Service.
11. Children's Privacy
Our Service is not directed to users under 18 years of age, and we do not knowingly collect personal information from children under 18 as account holders. This does not restrict patient records that a healthcare provider enters about a minor patient; those are processed as Patient Health Information under Section 2.2, at the direction of the provider. If you become aware that a child has provided us with personal information directly, please contact us immediately.
12. Healthcare-Specific Compliance
12.1 HIPAA Compliance (US)
For US-based healthcare providers, we serve as a Business Associate and comply with HIPAA requirements through:
Signed Business Associate Agreements (BAAs)
Administrative, physical, and technical safeguards
Breach notification procedures
Staff training on HIPAA requirements
12.2 Other Healthcare Regulations
We also comply with other applicable healthcare privacy laws and regulations in jurisdictions where our users operate.
13. Data Breach Notification
In the event of a data breach affecting personal or health information, we will:
Notify affected users within 72 hours of discovery
Report to relevant supervisory authorities as required
Provide details about the nature and scope of the breach
Outline steps taken to address the breach and prevent future incidents
Offer assistance and support to affected individuals
14. Third-Party Services
Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external services. We encourage you to review the privacy policies of any third-party services you use.
15. Updates to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
Posting the updated policy on our website
Sending email notifications to registered users
Providing in-app notifications
Updating the "Last Updated" date at the top of this policy
Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Clinxra Data Protection Officer
Email: privacy@clinxra.com
Website: clinxra.com
Subject Line: Privacy Policy Inquiry
For Healthcare Providers:
Business Associate Agreement requests: legal@clinxra.com
For Patients:
Please contact your healthcare provider directly for questions about your health information.
EU Representative (if applicable):
[To be appointed if EU users require local representation]
17. Governing Law
This Privacy Policy is governed by the laws of Jordan. For users in other jurisdictions, we also comply with applicable local privacy laws including GDPR, CCPA, and other relevant data protection regulations.