Privacy Policy

1. About CliniKite

CliniKite is a clinic management platform developed and operated by HexaRadius (“we,” “us,” “our”). We provide appointment scheduling, prescription management, billing, and patient communication tools to independent doctors and small clinics across India.

Data controller:For patient data stored within a clinic's CliniKite installation, the treating clinic is the data controller. HexaRadius acts as a data processor solely for the purpose of delivering WhatsApp appointment notifications.

Contact: hello@clinikite.in

2. Data We Process and Why

When a clinic uses CliniKite's WhatsApp integration to send appointment reminders, we process the minimum data required for message delivery:

We do not process medical records, prescriptions, diagnoses, lab results, or any other clinical data through our infrastructure. All clinical data remains on the clinic's own server.

3. How Data Is Stored

CliniKite is architected around data sovereignty. Each clinic runs its own isolated instance with a dedicated PostgreSQL database on its own infrastructure — whether that is on-premise hardware, a private cloud instance, or a clinic-owned VPS.

HexaRadius does not have access to clinic databases. There is no shared multi-tenant data store, no admin credential that grants us access, and no data replication to our servers. The clinic holds all database credentials and encryption keys.

For WhatsApp delivery, appointment notification data is transmitted to the Meta WhatsApp Business API over TLS-encrypted connections and is not persisted on our systems after successful delivery.

4. Third-Party Data Sharing

We share patient data only with the parties necessary to deliver the appointment reminder service:

• Meta Platforms (WhatsApp Business API)— to deliver appointment notification messages. Meta processes this data under its own terms of service and privacy policy.
• The treating clinic— the data controller that initiated the appointment and the reminder.

We do not sell, licence, or otherwise disclose patient data to:

• Pharmaceutical companies or pharma analytics firms
• Insurance providers or underwriters
• Advertisers, ad networks, or data brokers
• Any other third party not listed above

5. Opting Out of WhatsApp Messages

You may stop receiving WhatsApp messages from your clinic at any time by replying STOP to any message. Upon receiving your opt-out request:

• Your clinic is immediately notified of your preference.
• No further WhatsApp messages will be sent to your number by that clinic through CliniKite.
• Your opt-out does not affect your medical appointments, treatment, or your relationship with your doctor.

6. Your Rights

Under applicable Indian data protection law, including the Digital Personal Data Protection Act, 2023 (once fully enforced), you have the right to:

• Access— request confirmation of whether your personal data is being processed and obtain a copy.
• Correction— request correction of inaccurate or incomplete personal data.
• Erasure— request deletion of your personal data, subject to applicable legal retention requirements.
• Withdrawal of consent— withdraw consent for WhatsApp communications at any time by replying STOP or contacting your clinic.
• Grievance redressal— raise a complaint regarding the processing of your personal data.

To exercise any of these rights, contact your clinic directly or email hello@clinikite.in. We will respond within 30 days.

7. Security Measures

All data transmitted between clinic instances and the WhatsApp Business API is encrypted in transit using TLS 1.2 or higher. Clinic databases are encrypted at rest using AES-256. Access to production infrastructure is restricted to authorised personnel and protected by multi-factor authentication.

8. Changes to This Policy

We may revise this policy to reflect changes in our practices or applicable law. Material changes will be posted on this page with an updated effective date. We recommend reviewing this page periodically.