Privacy Policy

Effective Date: 11 May 2025  ·  Last Updated: 11 May 2025

1. Introduction

ClinicQueue (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinic queue management platform, including our web application and patient mobile app.

By using ClinicQueue, you agree to the collection and use of information in accordance with this policy. This policy is intended to comply with the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

2. Information We Collect

We collect the following categories of information:

2.1 Account & Registration Data

  • Full name, email address, and phone number (collected at registration)
  • Password (stored in hashed/encrypted form — never in plain text)
  • Email verification status

2.2 Clinic & Practice Data

  • Clinic name, address, phone number, and operating hours
  • Doctor specialization and experience details
  • Weekly schedules and leave/unavailability records
  • Staff and doctor invitations and role assignments

2.3 Queue & Visit Data

  • Token numbers issued per queue session
  • Visit status (waiting, in-progress, completed, skipped)
  • Queue open/close/pause timestamps per day
  • Historical visit records for analytics

2.4 Patient Data (via Mobile App)

  • Patient app registration: name and phone number
  • Clinic search and queue join history
  • Push notification tokens (device identifiers for sending alerts)

2.5 Technical & Usage Data

  • IP address, browser type, and device type
  • Pages visited, actions taken, and session duration
  • Error logs and performance metrics (for debugging and improvement)

3. How We Use Your Information

We use the collected information to:

  • Create and manage your account and clinic workspace
  • Operate and display real-time queues to staff, doctors, and patients
  • Send push notifications to patients when their token is called
  • Process subscription billing and manage trial periods
  • Provide analytics and visit history to clinic admins
  • Authenticate users and enforce role-based access control
  • Respond to support requests and troubleshoot issues
  • Improve the platform through usage analytics
  • Send transactional emails (e.g., verification, password reset, billing alerts)

We do not use your data for advertising purposes or sell your data to third parties.

4. Push Notifications

ClinicQueue sends push notifications to patients via the mobile application to alert them when their queue token is called or when they are next in line. These notifications use device push tokens registered at the time of app installation.

Patients can disable push notifications at any time through their device settings. Disabling notifications does not affect access to the platform.

Coming soon: WhatsApp messaging and AI calling agent notifications for visit confirmations. Patients will be able to opt in or out of these channels separately.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Within your clinic workspace: Clinic admins can see all member and visit data within their clinic. Doctors and staff only see data relevant to their role.
  • Service providers: Trusted third-party services (email delivery, cloud hosting, push notifications) that process data only as instructed under data processing agreements.
  • Legal compliance: We may disclose data if required by law, court order, or to protect the rights, property, or safety of users or the public.
  • Business transfers: In the event of a merger or acquisition, user data may be transferred, with prior notice provided.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

  • Account data is retained while your subscription is active
  • Visit and queue history is retained for up to 12 months after the last recorded activity
  • After account termination, data is retained for 30 days to allow recovery, then permanently deleted
  • You may request early deletion by contacting us

7. Data Security

We implement the following security measures:

  • Encryption in transit: All data transmitted uses HTTPS/TLS encryption
  • Password hashing: Passwords are hashed using bcrypt and never stored in plain text
  • Role-based access: Each user can only access data permitted by their assigned role
  • Scoped JWT tokens: Authentication tokens are scoped to specific clinics, preventing cross-clinic data leakage
  • Session management: Refresh tokens are stored in HttpOnly cookies to prevent client-side JavaScript access

Despite our best efforts, no method of transmission over the internet is 100% secure. Use strong, unique passwords and protect your account credentials.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to retention obligations)
  • Portability: Request your data in a structured, machine-readable format
  • Withdraw consent: Withdraw consent for optional data processing at any time

To exercise any of these rights, visit our Support page. We will respond within 30 days.

9. Cookies & Local Storage

We use the following browser storage mechanisms:

  • HttpOnly cookies: Used to securely store refresh tokens for authentication sessions
  • Local/Session storage: Used to cache active clinic context and UI preferences

We do not use tracking cookies or third-party advertising cookies. Essential cookies required for platform operation cannot be disabled.

10. Children's Privacy

ClinicQueue is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the platform. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please visit our Contact & Support page and we will respond within 30 business days.

© 2026 ClinicQueue. All rights reserved.