1. Who this policy applies to
This policy applies to clinic staff and administrators who create accounts, individuals who complete intake questionnaires through clinic links, and visitors to our website. For patient health information submitted by a clinic, the clinic is generally the controller and CliniqFlow acts as a processor/service provider on the clinic's behalf.
2. Information we collect
- Account information: name, email, organization name, role, and authentication credentials.
- Clinical workflow data: patient demographics, contact information, intake questionnaire responses, symptoms, structured intake highlights, documentation drafts, consent records, and related metadata submitted by clinics or patients via secure intake links.
- Billing information: subscription plan and payment metadata processed by Razorpay. We do not store full payment card numbers.
- Technical data: IP address, browser type, device information, log data, and error diagnostics needed to operate and secure the platform.
- Consent records: consent version, timestamp, truncated or hashed IP where stored, and user agent string for audit purposes.
3. How we use information
We use information to:
- Provide, maintain, and improve CliniqFlow.
- Authenticate users, enforce access controls, and protect tenant isolation.
- Generate draft documentation and structured intake highlights using rule-based logic and AI-assisted documentation and clinical decision support.
- Process subscriptions and account communications.
- Monitor performance, prevent abuse, and comply with legal obligations.
We do not sell personal information. We do not use patient intake content for advertising.
4. AI processing
AI outputs are draft documentation and clinical decision support only. Licensed practitioners must review and approve all outputs before clinical or operational use.
In restricted mode, we send minimized clinical context to AI providers: age, sex, symptoms, intake questionnaire responses, and rule-based intake theme highlights. We do not send patient name, email, phone, or physical address to AI providers in this mode.
We configure our OpenRouter integration to send the X-OpenRouter-Data-Policy: deny header, which asks the provider not to retain request data for training. Third-party provider policies govern actual retention. We do not guarantee provider compliance.
5. Access roles
- Practitioners and clinic staff access records within their clinic according to role permissions.
- CliniqFlow Support does not access patient records.
- Platform administrators may access tenant systems for maintenance, security, compliance, and operations. Access is logged and auditable.
6. Sharing and subprocessors
We share information with service providers listed in our Subprocessor Disclosure, with your clinic organization per permissions, and with legal recipients when required by law.
7. Health information
Clinics may submit protected health information. Clinics are responsible for lawful bases and patient consents. CliniqFlow is a software platform, not a medical provider. We do not provide medical advice, diagnosis, or treatment. See Medical Disclaimer.
8. Retention
- Clinical records: retained while your subscription is active and until deletion is requested, subject to backup cycles.
- Audit logs: approximately six years (configurable).
- Usage metrics: ninety (90) days.
- Intake drafts: seven (7) days if not submitted.
9. Security
We use administrative, technical, and organizational measures described in our Security Policy. No method of transmission or storage is completely secure.
10. Your rights and requests
Clinic account holders may update account information in workspace settings. Patients should contact their clinic regarding intake data. Depending on your location, you may have rights to access, correct, delete, or restrict processing. Submit requests via Privacy Requests or privacy@cliniqflow.com. We aim to respond within 30 days where applicable.
11. International transfers
Information may be processed in India, the United States, and other countries where our subprocessors operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses under our DPA.
12. Children
The service is not directed to children under 13. We do not knowingly collect personal information from children except where submitted by a clinic as part of lawful intake.
13. Changes and contact
We may update this policy by posting a revised version. Questions: privacy@cliniqflow.com.
