1. Introduction
MedBookPro is committed to protecting your privacy and the privacy of your patients. Your trust is the foundation of our service. This Privacy Policy explains how we collect, use, store, and protect your information when you use the MedBookPro platform.
2. Information We Collect
We collect the following types of information in order to provide and improve our service:
- Practice information — practice name, address, contact details, and configuration settings
- Provider profiles — names, email addresses, phone numbers, specialties, and professional details of healthcare providers using the platform
- Appointment records — scheduling data, appointment notes, and related clinical information entered by your practice
- Billing records — invoices, payments, service catalogues, and financial data related to your practice
- Patient data — patient records, clinical notes, vitals, and other data entered by your practice in the course of providing care
- AI conversation logs — queries and responses from the Medic AI feature, retained for service improvement
- Device and browser information — browser type, operating system, IP address, and device identifiers
3. How We Use Your Information
Your information is used solely to provide and improve the MedBookPro service. Specifically, we use it to:
- Provide, operate, and maintain the MedBookPro platform
- Send transactional emails (appointment confirmations, account notifications, password resets)
- Provide customer support and respond to enquiries
- Analyse usage patterns to improve features and user experience
- Ensure the security and integrity of the platform
4. What We Do Not Do
We want to be absolutely clear about what we will never do with your data:
- We do not sell, share, or disclose patient data to any third party
- We do not use patient data for advertising or marketing purposes
- We do not rent or trade your personal information or patient data to any third party, for any reason, under any circumstances
5. Data Security
We take the security of your data seriously. Our measures include:
- Encrypted in transit — all data transmitted between your browser and our servers is encrypted via HTTPS/SSL
- Secure cloud infrastructure — your data is stored on secure, professionally managed cloud infrastructure
- Restricted access — access to data is restricted to authorised systems only. Our staff access patient data only when strictly necessary for technical support, and only with your written authorisation
- Role-based access controls and least-privilege principles
- Comprehensive audit logging and monitoring
- Regular security reviews and vulnerability assessments
6. Data Ownership
All patient data belongs to the healthcare practice. MedBookPro acts as a data processor on behalf of your practice. Your practice is the data controller and retains full ownership and control of all data entered into the platform. We only access your data as necessary to provide and maintain the service.
7. Third-Party Services
We use a limited number of third-party service providers to operate the platform. We only share the minimum data necessary for each service to function:
- AI processing provider — for powering the Medic AI clinical reference feature
- Email delivery provider — for sending transactional emails (appointment confirmations, notifications, password resets)
- Cloud hosting provider — for securely hosting the platform and storing data
- DNS and security provider — for domain management, DDoS protection, and content delivery
Each third-party provider operates under its own terms of service and privacy policy. We carefully select providers who maintain high standards of data protection and security.
8. AI Processing
When you use the Medic AI feature:
- Clinical queries are sent to our AI processing provider to generate responses
- Only the minimum context necessary is shared to generate an accurate response
- AI conversation data is not stored or used for training by the AI provider
- We retain AI conversation logs to monitor service quality and improve the feature
9. Data Retention
- Active accounts — your data is maintained for as long as your account remains active
- Account closure — upon account closure or request, all data is securely deleted
- Grace period — data is retained for 90 days following account termination to allow for data recovery or export
- Permanent deletion — after the grace period, all data is permanently and securely deleted, including backup copies within 30 days
10. Your Rights
You have the right to:
- Access your data — request a copy of the personal data we hold about you
- Correct inaccuracies — update or correct any inaccurate personal information
- Request deletion — ask us to delete your personal data at any time
- Export your data — request a portable copy of your data in a standard format
Contact us at [email protected] to exercise any of these rights. We will respond promptly.
11. Cookies
We use only essential session cookies for authentication purposes. These cookies are necessary to maintain your login session and keep you signed in as you navigate the platform. We do not use:
- Tracking cookies
- Advertising or marketing cookies
- Third-party analytics cookies
12. Changes to Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email, giving you time to review the changes before they take effect.
13. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
MedBookPro
Castries, Saint Lucia
Email: [email protected]