Privacy Policy

Last updated: 1 March 2026

This Privacy Policy explains how joinclinicflow (trading as ClinicFlow) collects, uses, and protects your personal data and your patients' data. We are committed to full compliance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

joinclinicflow is the Data Controller for practitioner data and Data Processor for patient data. Contact: joinclinicflow@gmail.com · www.joinclinicflow.org

2. Data We Collect

We collect only what is strictly necessary:

• Practitioner data: name, clinic name, email address, phone number
• Patient data: first name, phone number, email address (if provided), appointment date and time

We never collect sensitive medical information, diagnoses, or treatment details.

3. How We Use Your Data

• To send appointment reminder SMS and emails to your patients on your behalf
• To send you monthly performance reports
• To manage your subscription and billing
• To provide customer support

Patient data is never used for marketing, never sold, and never shared with third parties.

4. Legal Basis for Processing

• Practitioner data: Contract performance and legitimate interests
• Patient data: Legitimate interests (appointment management) — you confirm patient consent before sharing data with us

5. Data Retention

• Patient data: deleted within 14 days of service cancellation
• Practitioner account data: retained for 6 years for legal/accounting purposes, then deleted
• You can request deletion at any time by emailing joinclinicflow@gmail.com

6. Data Security

All data is stored securely with restricted access limited to joinclinicflow staff only. We use industry-standard encryption for data in transit and at rest.

7. Your Rights (UK GDPR)

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to processing
• Data portability

To exercise any of these rights, email joinclinicflow@gmail.com.

8. Third-Party Services

• Twilio: SMS delivery provider
• Paddle: Payment processing (subject to Paddle's Privacy Policy)
• Google Workspace: Email communication

9. Contact

Questions about this Privacy Policy? Contact joinclinicflow at joinclinicflow@gmail.com

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.