Privacy Policy
Carevix ("we", "us") operates a SaaS platform that helps clinics reach patients via WhatsApp and manage clinical operations. This policy explains what personal information we collect, why we collect it, and how we protect it.
1. Information we collect
- Account data: name, email, phone, role, clinic name.
- Patient data uploaded by your clinic (names, phone numbers, appointment records, consent status).
- Usage data: sign-in timestamps, IP address, user agent, request telemetry.
- Billing data: plan, order IDs, payment reference returned by our payment processor (we do not store card details).
2. How we use it
- Provide the service, secure accounts, and send transactional notifications.
- Deliver WhatsApp messages you schedule to your patients via Meta's Cloud API.
- Improve product reliability using aggregate, de-identified analytics.
3. Data ownership
Patient data remains the property of your clinic. We act as a processor under your instructions. See our Data Processing Agreement.
4. Sub-processors
- Meta Platforms, Inc. — WhatsApp Business Cloud API (message delivery)
- Razorpay Software Private Limited — payment processing
- Cloud hosting provider (region declared at contract signing)
- Transactional email provider (if configured)
5. Retention
Operational logs are retained for 90 days. Audit logs are retained for 7 years where required by applicable healthcare regulations. Patient records are retained while your account is active and deleted on request within 30 days of termination, except where legal retention requirements apply.
6. Security
We use HTTPS, bcrypt password hashing, JWT access tokens with rotation, account lockout, rate limiting, CSRF protection, and row-level tenant isolation. See our public status page.
7. Your rights
You may request access, correction, export, or deletion of your personal data by writing to privacy@carevix.in. We respond within 30 days.
8. Children
The platform is designed for licensed medical professionals. Patient records created for children are processed solely at the direction of your clinic and the patient's guardian.
9. Contact
Data Protection Officer: dpo@carevix.in