Privacy Policy

Last updated: May 8, 2026

1. Who We Are

P-Connect ("we", "our", "us") is a clinic management platform that helps healthcare providers manage patient records, appointments, billing, and prescriptions digitally. This privacy policy explains how we collect, use, and protect data processed through our platform.

2. Data We Collect

Clinic Data (provided by clinic administrators)

  • Clinic name, address, phone, email
  • Staff details (name, email, role, qualifications)

Patient Data (entered by clinic staff with patient consent)

  • Name, phone number, email, age, gender, address
  • Medical history, visit records, diagnoses, prescriptions
  • Billing and payment information

Usage Data (collected automatically)

  • Login timestamps and IP addresses (for security)
  • Pages visited and actions performed (for audit trail)

3. How We Use Data

Data is used solely for:

  • Providing clinic management services (appointments, records, billing)
  • Generating reports for the clinic
  • Sending password reset emails and system notifications
  • Maintaining security and audit logs

We do not:

  • Sell or share patient data with third parties
  • Use patient data for advertising or marketing
  • Access patient medical records unless required for technical support

4. Consent

Patient data is collected by clinic staff only after obtaining patient consent. Clinics are responsible for obtaining appropriate consent from their patients before entering data into P-Connect. A consent confirmation is recorded during patient registration.

5. Data Access & Isolation

  • Each clinic's data is completely isolated — no clinic can access another clinic's data
  • Within a clinic, access is role-based (Admin, Doctor, Receptionist)
  • Doctors can only see their own patients' records
  • All data access is logged for audit purposes

6. Data Security

  • All data transmitted over HTTPS (256-bit SSL encryption)
  • Passwords securely hashed using industry-standard algorithms
  • HTTP-only cookies for authentication (XSS protection)
  • Rate limiting on all API endpoints
  • Input sanitization to prevent injection attacks

7. Data Storage

Data is stored on secure cloud servers with automated backups. We use industry-standard cloud infrastructure providers with encryption at rest and in transit.

8. Data Retention

  • Patient data is retained as long as the clinic's account is active
  • Clinics can request deletion of specific patient records
  • Upon account termination, all clinic data is deleted within 30 days
  • Audit logs are retained for 1 year for security purposes

9. Your Rights

Under the Digital Personal Data Protection (DPDP) Act, 2023:

  • Right to Access: Request a copy of your data
  • Right to Correction: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at the email below.

10. Third-Party Services

We use the following third-party services:

  • Cloud hosting (for data storage and application delivery)
  • Email service (for password resets and notifications only)

No patient data is shared with these services beyond what is necessary for operation.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the platform after changes constitutes acceptance.

12. Contact

For privacy-related queries, data requests, or concerns:
Email: support@pconnect.work
Entity: P-Connect