Clinic Code – Privacy Policy

Clinic Code – Privacy Policy
Last updated: [December 30, 2025]

This Privacy Policy explains how Clinic Code (“Clinic Code”, “we”, “us”, or “our”) collects, uses, discloses, and protects information when you use the Clinic Code mobile application and related services (collectively, the “Service”). By using the Service, you agree to the practices described in this Policy.

If you do not agree with this Policy, please do not use the Service.

1) Who we are & scope
Application: Clinic Code (clinic management & patient services app).
Provider/Owner: Ahmad Oussama Rifai
Website:https://www.thevirtualnephrologist.com/ 
Privacy Policy URL: https://www.thevirtualnephrologist.com/clinic-code-privacy-policy/
Contact: mmmubaker@gmail.com
Address: Kayabaşı Mah. Şehit Semih Balaban Cd. No:6H İç Kapı No:8, Başakşehir – 34196, Istanbul, Turkey

This Policy applies to all users, including patients, healthcare providers, and clinic staff who access the Service.

2) Roles (Controller / Processor)
a) Account and service data: Clinic Code is the data controller for account, support, security, and technical/diagnostic data processed to operate the Service.
b) Clinical/health records (when enabled by a clinic/provider): The clinic/healthcare provider you are connected with is the data controller for clinical records. Clinic Code acts as a data processor, processing such data on the provider’s instructions to deliver the Service.

3) Definitions
Account: A unique profile created for you to use the Service.
Personal Data: Any information that identifies or can reasonably identify an individual.
Sensitive Health Data: Medical information such as diagnoses, treatments, prescriptions, and clinical records.
Device Data: Information about your device and app performance (e.g., OS version, device model).
Service Providers: Vendors who process data on our behalf (e.g., hosting, messaging, analytics/crash reporting).

4) What we collect
a) Information you provide
– Identification & contact: name, phone number, email, clinic/role.
– Account & profile details: specialty (for providers), clinic affiliation, profile photo (optional).
– App inputs: appointments, messages, notes, and files you choose to upload (e.g., documents or images).

b) Sensitive health data (when applicable)
If your clinic enables electronic medical records, treatment plans, or tele-consultation features, the Service may process health data entered by your clinic/provider(s). In those cases, your clinic/provider controls the clinical record and determines applicable retention.

c) Location data (only if you enable a feature that requires it)
[Choose ONE option and delete the other:]
Option 1 (if you DO collect location):
We collect approximate or precise location only with your consent and only for features that require it (e.g., clinic/staff check-in geofencing, directions to clinics, or fraud prevention for check-ins). You can manage location permissions in your device settings.
Option 2 (if you DO NOT currently collect location):
We do not collect your device location by default. If we introduce a location-based feature in the future, we will request permission and use location only with your consent for that feature.

d) Device & usage data (collected automatically)
Device model, OS and app version, language, crash logs, performance diagnostics, and limited interaction events used to improve reliability, security, and user experience.

e) Permissions the app may request (depending on enabled features)
– Camera: scanning QR codes, capturing or uploading images/documents, video consults (if enabled).
– Photos/Media/Files: attaching documents or profile images (optional).
– Microphone: audio for tele-consultations (optional).
– Notifications: appointment reminders, account alerts, security notifications.

5) Why we use your data
We use Personal Data to:
– Provide, operate, and maintain the Service (scheduling, account access, and clinic workflows).
– Create and manage your Account and authenticate access.
– Send transactional communications (appointment reminders, security alerts, service updates).
– Provide customer support and respond to requests.
– Monitor, secure, and improve performance, reliability, and user experience.
– Comply with legal obligations and enforce our terms.

We do not sell your Personal Data.
We do not use sensitive health data for advertising.

6) Legal bases (where applicable)
Where required by law (e.g., in the EEA/UK), we process Personal Data based on: performance of a contract, legitimate interests (e.g., security, service improvement), legal obligations, and consent (e.g., for location, certain notifications). You may withdraw consent at any time via device/app settings; this does not affect prior lawful processing.

7) Sharing your data
We may share Personal Data with:
– Service Providers (hosting, storage, messaging, analytics/crash reporting) under contracts requiring confidentiality and data protection.
– Clinics/Healthcare providers you are connected with in the app (e.g., your selected clinic can access your appointment info; clinical records are controlled by the provider).
– Legal authorities when required by law or to protect rights, safety, and security.
– Business transfers (merger/acquisition/asset sale). Your data will remain protected under this or a materially similar policy.

We do not share Personal Data with third parties for their independent marketing.

8) Retention
We retain Personal Data as long as needed to provide the Service, comply with legal requirements, resolve disputes, and enforce agreements.
– Account and support records: retained while your account is active and for a limited period after deletion where required for security, fraud prevention, or legal obligations.
– Clinical records: retention is determined by the clinic/provider and applicable healthcare regulations.
– Diagnostic logs: retained for a limited period, unless needed for security or legal reasons.

9) International transfers
Your data may be processed and stored in data centers located outside your country. We implement reasonable safeguards to protect Personal Data during transfer and storage in accordance with this Policy and applicable law.

10) Your rights & choices
Subject to applicable law, you may:
– Access, correct, or update your Personal Data in your account.
– Withdraw consent for optional permissions (e.g., location/notifications) via device settings.
– Request deletion of your account and certain data (see Section 11).
For clinical records, contact your clinic/healthcare provider (the data controller) to exercise rights related to those records.

11) Account & data deletion
In-app deletion:
You can initiate account deletion in the app via: [Settings > Account > Delete account].
Web deletion request (for users who no longer have the app installed):
You can initiate a deletion request via: [https://NEW-DOMAIN]/delete-account

What happens when you delete:
– We delete or anonymize data we control that is not required for security, fraud prevention, or legal obligations.
– Clinical/medical records are controlled by your clinic/provider and may not be deleted by Clinic Code; contact your clinic/provider for requests related to clinical records.

12) Security
We use administrative, technical, and organizational measures designed to protect Personal Data (e.g., encryption in transit, access controls). However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13) Not for emergencies / medical disclaimer
Clinic Code is intended to support appointment management and clinic workflows. It is not an emergency service. If you have a medical emergency, contact local emergency services immediately.

14) Children’s privacy
The Service is not directed to children under 13 (or the age required by your local law). If you believe we have collected Personal Data from a child without proper consent, please contact us and we will take appropriate steps to remove the data.

15) Third-party links & content
The Service may contain links to third-party websites or services. We are not responsible for their content or privacy practices. Please review their privacy policies.

16) Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date, and where required, notify you by in-app notice, email, or other reasonable means.

17) Contact us
If you have questions or requests regarding this Privacy Policy or your Personal Data, contact us at:
Email: mmmubaker@gmail.com
Address: Kayabaşı Mah. Şehit Semih Balaban Cd. No:6H İç Kapı No:8, Başakşehir – 34196, Istanbul, Turkey