1. Roles
Customer is the controller (and business associate where applicable) of personal data and protected health information submitted to the service. CliniqFlow is the processor processing such data on Customer's documented instructions.
2. Subject matter and duration
CliniqFlow provides patient intake forms, demographic and symptom collection, intake questionnaires, rule-based intake structuring, and AI-assisted documentation and clinical decision-support. Outputs are draft documentation for licensed practitioner review. CliniqFlow is not an EHR, telehealth platform, insurance platform, prescription platform, treatment management platform, or appointment scheduling system.
Processing continues for the term of the Customer's subscription and as needed for post-termination export, deletion, and legal retention.
3. Categories of data and subjects
- Data subjects: clinic staff, patients completing intake, and account administrators.
- Personal data: account information, patient demographics and contact details, intake responses, symptoms, documentation drafts, consent records, and usage logs.
4. Processor obligations
- Process personal data only on Customer instructions, including via the service.
- Ensure personnel confidentiality.
- Implement measures in the Security Policy.
- Engage subprocessors per the Subprocessor Disclosure with thirty (30) days' notice of material changes where feasible.
- Assist with data subject requests where technically feasible.
- Notify Customer without undue delay of confirmed personal data breaches.
- Delete or return data upon termination subject to legal retention.
5. International transfers
Where personal data is transferred outside the Customer's jurisdiction, CliniqFlow will use appropriate safeguards including EU Standard Contractual Clauses (Module 2: Controller to Processor) and the UK International Data Transfer Addendum where applicable.
6. Audit
Customer may export tenant audit logs through the compliance settings in the product or request additional information reasonably necessary to demonstrate compliance, subject to confidentiality and security constraints.
7. HIPAA / BAA
Where Customer is a covered entity or business associate under HIPAA and submits PHI, the parties may execute a separate Business Associate Agreement. Customer is responsible for determining whether a BAA is required.
8. Liability
Liability under this DPA is subject to the Limitation of Liability and Indemnification and Terms of Service, except where mandatory law provides otherwise.
9. Contact
Data protection inquiries: privacy@cliniqflow.com
