EzClinic
Terms Privacy Log In

Privacy Policy

Effective date: July 8, 2026

This Privacy Policy explains how EzTechify, the maker of EzClinic, collects, uses, and protects information when clinics, their staff, and their patients use our global SaaS platform. EzClinic is offered to customers worldwide, and this policy is written to reflect general privacy principles recognized internationally (including concepts drawn from frameworks such as the GDPR and similar regional laws). Where a specific local law grants you additional rights, those rights apply on top of this policy.

1. Who This Applies To

This policy covers three types of individuals: (a) Clinic staff (admins, doctors, receptionists) who create accounts to operate a clinic on EzClinic; (b) Patients whose records are entered into EzClinic by a subscribing clinic, or who register for the optional patient portal; and (c) Visitors to our public pages (e.g., the online booking page).

2. Our Role: Processor vs. Controller

For patient and clinical data entered by a Clinic (appointments, medical/dental history, documents, billing), EzTechify acts as a data processor / service provider — the subscribing Clinic is the data controller responsible for the lawful basis for collecting and using that data. We process it only per the Clinic's instructions and to operate the Service. For account data about Clinic staff and platform billing contacts, EzTechify acts as the controller.

3. What We Collect
  • Account data: name, email, phone, role, and password (stored as a salted hash, never in plain text).
  • Clinical & operational data entered by clinics: patient demographics, medical and dental history, appointments, treatment notes, prescriptions, lab orders, uploaded documents (e.g., x-rays), insurance details, and consent records.
  • Billing data: subscription plan, invoices, and payment status. Card/payment details are handled by our payment processors (e.g., Stripe, PayPal) — EzTechify does not store full card numbers.
  • Usage & technical data: login timestamps, IP address (for rate-limiting and security), audit logs of record changes, and basic error/diagnostic logs.
4. How We Use Data
  • To provide the core Service: scheduling, records, billing, reporting, and notifications.
  • To send transactional emails (appointment reminders, invoice notices, password resets) via the Clinic's own configured email sender or our platform mailer.
  • To maintain security: login rate-limiting, audit trails, and fraud/abuse prevention.
  • To operate the platform subscription business: billing, trial management, and support.
  • We do not sell personal data or patient data to third parties, and we do not use patient clinical data for advertising.
5. Data Isolation Between Clinics

EzClinic is architected as a multi-tenant platform where every clinical and operational record is scoped to the owning Clinic. Clinics cannot access another Clinic's data, and platform administrators access Customer Data only as needed to provide support or ensure platform integrity.

6. Data Sharing

We share data only with: (a) infrastructure and hosting providers who store data on our behalf; (b) payment processors to handle subscription and patient billing; (c) email delivery services to send notifications; and (d) authorities where required by law. All such providers are bound by confidentiality and data-protection obligations appropriate to the data involved.

7. International Data Transfers

As a global SaaS product, data may be processed in countries other than where a Clinic or patient is located. Where required by applicable law, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for cross-border transfers.

8. Data Retention

Customer Data is retained for as long as a Clinic's account is active, plus a reasonable period after cancellation to allow data export, after which it may be deleted or anonymized, unless a longer retention period is required by healthcare recordkeeping laws applicable to the Clinic.

9. Security

We apply technical and organizational safeguards including password hashing, session-based CSRF protection, login rate-limiting and account lockout, tenant-scoped data access controls, encrypted connections, and restricted/authenticated access to uploaded documents. No system is 100% secure, and we encourage Clinics to use strong, unique passwords and to promptly report suspected unauthorized access.

10. Your Rights

Depending on your location, you may have rights to access, correct, export, or request deletion of your personal data, and to object to or restrict certain processing. Patients should generally direct such requests to their clinic (the data controller); clinic staff and billing contacts can contact EzTechify directly. We will honor valid requests in accordance with applicable law.

11. Children's Data

EzClinic may store health records of minor patients where a subscribing clinic treats minors, entered and managed under the clinic's own consent and guardianship procedures. EzTechify does not knowingly collect personal data directly from children through public, unauthenticated parts of the Service (e.g., the booking page) outside of that clinic-managed context.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via the Service or by email.

13. Contact

Questions about this Privacy Policy or requests regarding your personal data can be directed to EzTechify through the support contact provided in your EzClinic account.

© 2026 EzTechify. EzClinic is a product of EzTechify.