Privacy Policy

01 Information We Collect

We collect the following categories of information when you or your clinic use PatientHub:

• Account information: Name, email address, phone number, role (doctor, secretary, administrator), and login credentials.
• Clinic information: Clinic name, address, phone number, working hours, specialities, and logo.
• Patient records: Patient name, date of birth, contact details, medical history, diagnoses, prescriptions, dental chart records, and any data entered by authorized clinic staff.
• Appointment data: Scheduled dates, times, clinic location, appointment type, status, and session notes.
• Billing and financial data: Invoice details, payment status, amounts, expense records, and clinic revenue information.
• Form submissions: Patient responses to custom intake forms, medical questionnaires, and pre-visit reports created by the clinic.
• Prescription data: Digital prescription records including medications, dosage, frequency, and prescribing doctor.
• Dental chart data: Per-tooth treatment records, clinical notes, and treatment catalog entries.
• WhatsApp contact data: Patient phone numbers used to send appointment reminders and notifications via the WhatsApp Business integration.
• Google Calendar tokens: OAuth access tokens used to sync appointments with Google Calendar on behalf of authorized users. These are stored securely and used solely for calendar sync purposes.
• Activity logs: Records of user actions within the platform (logins, record edits, permission changes) for audit and security purposes.
• Technical data: IP address, browser type, device type, operating system, and session identifiers collected automatically when you use the platform.

02 How We Use Your Information

We use the collected information to:

• Provide, operate, and improve the PatientHub platform and all its features.
• Manage appointments, patient records, billing, prescriptions, and dental charts on behalf of clinics.
• Send appointment reminders and notifications to patients via WhatsApp, where enabled by the clinic.
• Sync appointment data with Google Calendar when authorized by the user.
• Enforce role-based access controls to ensure each user sees only the data they are authorized to access.
• Maintain audit logs for security, compliance, and accountability.
• Communicate important system updates, maintenance notices, and support responses.
• Analyze aggregated usage data to improve platform performance and user experience.
• Prevent unauthorized access, fraud, and misuse of the platform.

03 Patient Data & Medical Records

• Patient data (including medical records, prescriptions, dental charts, and form submissions) is entered and managed exclusively by authorized clinic staff.
• PatientHub does not own, interpret, or act upon patient medical records. We are a data processor — the clinic is the data controller.
• All medical data is treated as strictly confidential and is accessible only to users with the appropriate permissions within the clinic.
• Dental chart records, prescription data, and medical form responses are stored securely and tied to individual patient profiles within the platform.
• Clinics are responsible for obtaining patient consent where required by applicable law before entering patient data into the system.

04 WhatsApp Integration

• PatientHub integrates with the WhatsApp Business API to send appointment reminders, confirmations, and other clinic notifications to patients.
• Patient phone numbers are used solely for the purpose of sending messages authorized by the clinic.
• We do not use WhatsApp contact data for marketing, advertising, or any purpose beyond clinic-authorized messaging.
• Clinics are responsible for ensuring patient consent for receiving WhatsApp messages in compliance with applicable local laws.
• WhatsApp message logs may be stored for audit and troubleshooting purposes.

05 Google Calendar Integration

• PatientHub supports optional Google Calendar synchronization for doctors and staff.
• When you authorize Google Calendar sync, we receive and store OAuth tokens on your behalf to access and update your calendar.
• These tokens are stored securely and used only to create, update, or delete appointment events in your Google Calendar.
• We do not read, store, or share any other content from your Google account beyond appointment events created by PatientHub.
• You can revoke Google Calendar access at any time through your Google account settings or through the PatientHub configuration panel.

06 Data Security

We take data security seriously and implement the following measures:

• Encrypted connections (HTTPS/TLS) for all data transmission.
• JWT-based authentication with short-lived access tokens and secure refresh token rotation.
• Role-based access controls (RBAC) to limit data access by user role and permission.
• Secure password hashing using industry-standard algorithms.
• Activity audit logs to track all significant user actions within the platform.
• Regular system monitoring and vulnerability assessments.

No system can guarantee 100% security. We continuously work to improve our protections and respond promptly to any security incidents.

07 Data Sharing

We do not sell your data. We do not share patient or clinic data with third parties, except:

• When required by law, court order, or regulatory authority.
• To protect the legal rights or safety of PatientHub, its users, or the public.
• With trusted service providers who support platform operations (e.g., cloud hosting, email delivery, WhatsApp messaging), under strict confidentiality and data processing agreements.
• With the clinic administrator who manages your account, consistent with the role-based access structure of the platform.

08 User Responsibilities

Doctors, clinic administrators, and all authorized staff are responsible for:

• Keeping their login credentials confidential and not sharing them with unauthorized persons.
• Using the platform in compliance with applicable local healthcare privacy laws and regulations (e.g., Lebanese medical data regulations).
• Obtaining patient consent before entering patient data, sending WhatsApp messages, or enabling any integrations on behalf of patients.
• Promptly reporting any suspected unauthorized access or data breach to PatientHub support.

09 Cookies & Session Data

PatientHub uses cookies and local storage to:

• Maintain secure authenticated sessions (JWT tokens stored in browser storage).
• Remember user preferences (e.g., theme, language, selected clinic).
• Analyze platform usage to improve performance and user experience.

You can clear cookies and local storage through your browser settings, which will log you out of the platform. Some features may not function correctly if storage is disabled.

10 Data Retention

• Account and clinic data is retained for as long as your subscription is active.
• Patient records, billing data, and medical information are retained as configured by the clinic and in accordance with applicable healthcare record-keeping obligations.
• Activity logs are retained for a defined period for security and audit purposes.
• Upon account termination, data may be retained for a limited period as required by law before permanent deletion.

11 Your Rights

You have the right to:

• Access the personal data we hold about you or your clinic.
• Request correction of inaccurate or incomplete data.
• Request deletion of your account and associated data, subject to legal retention obligations.
• Revoke third-party integration access (e.g., Google Calendar) at any time.
• Request information about how your data is processed and shared.

To exercise any of these rights, contact us at support@chamaeleo.tech.

12 Children's Privacy

PatientHub is designed for use by licensed healthcare providers and clinic staff. It is not intended for direct use by individuals under 18. Patient records for minors may be entered by authorized clinic staff on behalf of the patient's guardian.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our platform, integrations, or applicable law. Any significant changes will be communicated to registered users via email or an in-app notice. The updated policy will always be available on this page.