Privacy Policy

Effective Date: 1st April, 2026

By downloading or using this mobile application ("App"), you agree to this Privacy Policy. If you do not agree, please do not use the App.

1. Who We Are

This App is owned and operated by the clinic or healthcare facility using Patient Plus ERP ("Clinic Operator"). The App is powered by Patient Plus, a healthcare management platform developed by Sismatix Information Systems, which acts solely as a technology provider and data processor on behalf of the Clinic Operator.

For purposes of this policy, "we", "us", or "our" refers to the Clinic Operator, and "Sismatix" refers to the platform provider.

2. Information We Collect

We collect only the information necessary to provide healthcare services through this App, including:

Personal Information

  • Full name, date of birth, gender, nationality
  • Phone number, email address, home address
  • (Optional) Government-issued ID number

Appointments

  • Appointment history
  • Diagnoses, prescriptions, and treatment notes
  • Lab results and medical documents you upload

Financial Information

  • Billing details and payment history
  • Insurance information (if applicable)

Technical & Device Information

  • Device type, operating system, app version
  • IP address and general location (city level)
  • App usage data and crash reports

3. How We Use Your Information

We use collected information solely to:

  • Provide and manage your appointments and records
  • Enable communication between you and your care team
  • Send appointment reminders and notifications
  • Process payments and issue invoices
  • Improve App functionality and user experience
  • Comply with applicable laws and regulations

We do not use your health data for advertising, profiling, or any purpose unrelated to your care.

4. Data Sharing & Third-Party Services

We do not sell your personal data. Your data may be shared only in the following circumstances:

  • Authorized clinic staff — doctors, nurses, and administrative staff involved in your care
  • Technology providers — Sismatix Information Systems as the platform operator; hosting and infrastructure providers (data processing agreements in place)
  • Payment processors — to handle transactions securely
  • Messaging services — to deliver SMS and push notifications
  • Legal obligation — when required by a court order, regulation, or competent authority

All third-party service providers are contractually required to handle your data securely and only for the stated purpose. We do not share your data with advertisers or data brokers.

5. Data Processing

Sismatix Information Systems processes your data strictly as a data processor on behalf of the Clinic Operator (the data controller). Sismatix accesses data only to:

  • Operate and maintain the platform
  • Provide technical support to the clinic
  • Maintain system security and integrity

Sismatix does not independently use, sell, or share your personal or health data.

6. Data Storage & Retention

Storage Location: Your data is stored on secure servers. Data may be stored or processed in a country other than your own. By using the App, you consent to this transfer, which is conducted with appropriate safeguards.

Retention Period: We retain your personal and medical data for as long as your account is active, or as required by applicable healthcare and legal regulations. Medical records are typically retained for a minimum of 10 years from the date of your last visit, or as mandated by local law. Financial records are kept for the period required by accounting regulations. You may request deletion of your account at any time (see Section 8).

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Access controls and role-based permissions
  • Regular security audits and vulnerability testing
  • Secure, backed-up server infrastructure

While we take all reasonable precautions, no system is completely immune to security risks. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

8. Data Deletion & Account Removal

You have the right to request deletion of your account and associated personal data. To do so:

  • In-App: Go to Settings → Delete Account and follow the on-screen steps.
  • By Email: Send a deletion request to the clinic's contact email (shown in the Contact section below), clearly stating your full name, phone number, and request.

What gets deleted: Upon a verified deletion request, your account credentials and personal profile will be permanently removed within 30 days.

What may be retained: Certain appointment records and financial data may be retained beyond deletion for the minimum period required by healthcare regulations or applicable law, after which they will be anonymized or destroyed.

9. Communications

We may contact you for service-related purposes via:

  • Push notifications — appointment reminders and updates (can be disabled in device settings)
  • In-app messages — communication from your care team
  • Email — invoices and account-related notices

We do not send unsolicited marketing communications. You may opt out of non-essential notifications at any time via the App settings or by contacting the clinic.

10. Children's Privacy

This App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verified parental or guardian consent.

Where a child is a patient, the parent or legal guardian must register and manage the account on the child's behalf. The guardian accepts this Privacy Policy on behalf of the child.

If you believe we have inadvertently collected data from a child under 13 without consent, please contact us immediately (see Section 12) and we will delete the information promptly.

11. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your account and personal data (see Section 8)
  • Portability — request your data in a structured, machine-readable format
  • Restriction — request that we limit how we process your data in certain circumstances
  • Objection — object to processing based on legitimate interest
  • Withdraw Consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact the clinic (see Section 12). We will respond within 30 days. Note that some rights may be limited where retention is required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this page and, where appropriate, notify you via the App or email. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically.

Contact Us — Patient Plus ERP

If you have questions about this policy or wish to exercise your data rights, please contact the clinic directly:

Phone: +96567087771

Email: info@patientpluserp.com
