Privacy Policy

1. Data Controller vs. Data Processor

Under this agreement, the clinic subscribing to Klinio acts as the Data Controller for all patient database records, treatment schedules, clinical notes, and clinical media. Klinio operates solely as the Data Processor, handling synchronization and database hosting only as directed by the clinic controller.

2. Scope of Collected Information

• Clinic Account Data: Registration name, clinic details, contact emails, invoices, and active licenses are processed to manage subscriptions.
• Patient Data: Information inputted by the clinician (odontograms, body maps, session notes, vaccination logs, radiology archives) resides inside the secure local-first database cache or encrypted cloud database.
• Usage Metrics: Basic technical signals, app launch timestamps, and feature clicks are collected anonymously to refine performance. We do not inspect clinical media or clinical summaries.

3. Cookies & Analytics

Our public marketing website uses essential and performance cookies to track page counts, landing referrals, and contact form submissions. You can disable non-essential cookies via your web browser settings.

4. Data Subprocessors

We work with trusted subprocessors for hosting, secure database management, and email notifications (e.g. Supabase, AWS, Cloudflare, Twilio). A current subprocessor registry is available in our Data Processing Agreement (DPA).

5. Retention, Portability & Deletion

Clinic administrators can export patient files and financial databases in CSV or PDF formats at any time. Upon account cancellation or explicit request, all cloud backup segments matching the clinic identifier are deleted from our database tables within 30 days.

6. International Users & Compliance

Clinics are responsible for configuring their operational guidelines to match local regulatory boundaries (such as HIPAA in the US or GDPR in the EU). Klinio provides RLS, encryption, and local-first data sandbox options to assist in maintaining these security standards.