Legal
Privacy Policy
Effective Date: 31/01/2026
1. Introduction
Welcome to Clindoc, operated by CLINDOCAI Ltd (“we”, “our”, or “us”). We are committed to protecting the privacy and security of personal data and health-related information processed through our platform. This Privacy Policy explains how we collect, use, share, and protect information in accordance with applicable UK data protection laws, including the UK GDPR and the Data Protection Act 2018. Where relevant, we also follow recognised healthcare data protection principles. Clindoc acts as a data processor on behalf of healthcare practitioners and practices, who act as data controllers for patient data.
2. Information We Collect
Personal Data from Healthcare Practitioners:
- Name, email address, phone number, and practice details
- Account authentication information
- Billing and payment information
- Platform preferences and configuration settings
Patient-Related Data:
- Audio data captured during consultations
- Transcripts of patient-practitioner interactions
- AI-generated clinical documentation, including notes, summaries, and referral letters
- Appointment and contextual information provided by the practitioner
Technical Information:
- IP address and device information
- Browser type and operating system
- Platform usage and interaction data
- System logs, audit trails, and processing metadata
3. How We Use Your Data
We process data for the following purposes:
- Service Delivery: To operate, maintain, and provide the Clindoc platform and its features
- Clinical Documentation: To process consultations and generate AI-assisted clinical documentation as instructed by practitioners
- Platform Improvement: To monitor performance, reliability, and system integrity
- Communication: To provide customer support and respond to enquiries
- Billing and Administration: To manage subscriptions, invoicing, and account administration
- Legal and Regulatory Compliance: To comply with applicable laws and regulatory obligations
4. Legal Basis for Processing
We rely on the following legal bases under UK GDPR:
- Performance of a contract with healthcare practitioners
- Legitimate interests in operating and improving the Platform
- Compliance with legal and regulatory obligations
- Consent obtained by healthcare practitioners from patients, where required
Practitioners are responsible for ensuring an appropriate legal basis exists for processing patient data.
5. Data Storage and Retention
Data Storage
- Patient and practitioner data processed through Clindoc is stored securely on servers located within the European Union.
- We implement appropriate technical and organisational safeguards to protect stored data, including encryption, access controls, and monitoring.
- Clindoc uses third-party AI processing providers, including OpenAI, under contractual agreements that enforce zero data retention. Data processed by these providers is not retained or used for training or secondary purposes.
Data Retention
- Patient data is retained only for as long as necessary to provide the Platform and as instructed by the practitioner or practice.
- Practitioner account and billing data is retained for the duration of the contractual relationship and for a limited period thereafter to comply with legal, tax, and accounting obligations.
- Retention periods are reviewed regularly to ensure data is not kept longer than necessary.
6. Sharing Your Data
We do not sell personal data or patient information. We may share data with:
- Healthcare practitioners or practices, or systems they authorise, to deliver the Platform’s functionality
- Trusted third-party service providers, including cloud infrastructure, payment processing, security, and AI processing providers, operating under strict data protection and confidentiality agreements
- Regulatory authorities, law enforcement, or public bodies, where required by law
All third parties are required to process data in accordance with applicable data protection laws and Clindoc’s instructions.
7. Data Security and Compliance
We maintain robust technical and organisational measures to safeguard your data:
- Encryption: End-to-end encryption for all data in transit and at rest
- Access Controls: Role-based access with multi-factor authentication
- Compliance Certifications: GDPR and HIPAA standards
- Regular Audits: Independent security assessments and penetration testing
- Staff Training: Comprehensive privacy and security training for all personnel
- Incident Response: 24/7 monitoring and immediate breach notification procedures
8. Your Rights
Under GDPR and healthcare privacy regulations, you have the right to:
- Request access to your personal data and PHI
- Request correction or deletion of your data
- Object to processing of your data
- Request data portability
- Withdraw consent at any time (where processing is based on consent)
- Request restrictions on data processing
- File complaints with supervisory authorities
Healthcare practitioners should handle patient rights requests directly. Practitioner users may contact us at support@clindoc.ai to exercise their rights.
9. International Transfers
Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, to protect personal data.
10. Cookies and Tracking
We use essential cookies necessary for platform functionality and security. We do not use non-essential cookies or tracking technologies without consent. Cookie preferences can be managed through browser settings.
11. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. Updates will be posted on this page with a revised effective date. Material changes may be communicated via email or within the Platform.
12. Contact Us
For any questions or requests regarding this policy or your personal data, contact:
CLINDOCAI Ltd
Email: support@clindoc.ai
Data Protection Officer: support@clindoc.ai
13. Regulatory Complaints
You may lodge complaints with the relevant supervisory authority, including:
- United Kingdom: Information Commissioner's Office (ICO) – www.ico.org.uk
Healthcare-specific concerns should be directed to the appropriate professional regulatory body.
