LEGAL FRAMEWORK

Privacy Policy

LAST UPDATED: MAY 2026

1. INTRODUCTION

At MediLoop Software, we recognize that privacy and data security are the foundations of trust. This policy outlines how we collect, protect, and manage the data within your software ecosystem and custom-built websites. We act as a Data Processor for the client information you input or capture, while you remain the ultimate Data Controller.

2. DATA WE COLLECT

To provide the MediLoop suite of services, we process the following categories of data:

  • Account Identity: Email addresses and secure credentials used to access the MediLoop backend (secured via Supabase Auth).
  • Business Identity: Spa/Clinic name, location, billing details, and operational contact numbers.
  • Software Client Records: End-user names, contact details, medical intake forms, treatment notes, and digital signatures.
  • Website Visitor Data: Information captured via contact forms, lead generation tools, and anonymous analytics on MediLoop-hosted websites.

3. HOW DATA IS USED

Your data is utilized strictly to power and maintain your digital infrastructure:

  • To facilitate secure clinical record-keeping and business operations within the software suite.
  • To trigger automated communication protocols (such as SMS or WhatsApp win-back campaigns) strictly as directed by your configuration.
  • To host, optimize, and secure the custom websites provided under our MediLoop Websites service.

4. DATA SECURITY & STORAGE

We utilize enterprise-grade encryption through our secure database providers. All clinical data and intake forms are stored in encrypted environments with strict Row-Level Security policies. MediLoop engineering and support staff do not access your specific client data unless explicitly requested by you for technical support and troubleshooting.

5. THIRD-PARTY INTEGRATIONS

Our ecosystem relies on trusted third-party infrastructure, including payment gateways for billing and official API providers for messaging automation. These providers comply with international data protection standards and possess their own stringent privacy policies governing the data transmitted through their networks.

6. DATA RETENTION & GOVERNANCE

You maintain control over your operational data. Upon the termination or cancellation of your MediLoop software subscription or website hosting retainer, your proprietary data will be retained in a secure, inactive state for 30 days to prevent accidental loss. Following this grace period, all associated records, databases, and website files are permanently deleted from our active servers.

Questions regarding your privacy and data security?

info@mediloopsoftware.com
