Privacy Policy

Last updated: April 26, 2026.

ZidBit Clinic OS is built by a small team that genuinely cares about keeping your data safe. We're not a large corporation — we're straightforward about what we collect, how we use it, and what your rights are. If you ever have a concern, we're easy to reach.

1. What Data We Collect

We collect the minimum data necessary to run the platform for your clinic:

  • Clinic Information: Name, address, contact details, and admin account details.
  • Patient Data: Records entered by your clinic staff — demographic info, visit history, clinical notes, and prescriptions.
  • Usage Data: Basic logs (page visits, actions taken) to keep the platform running smoothly and diagnose issues.
  • Analytics: We use Google Analytics on public-facing pages to understand general usage patterns. This never includes patient records.

2. Who Controls the Data

Your clinic owns its data. You decide what gets entered, who has access, and what happens to it. ZidBit processes that data only to provide the platform services you've signed up for — nothing else.

In legal terms: you are the Data Fiduciary (controller) and ZidBit is the Data Processor. We act on your instructions, not our own interests.

3. How We Use & Share Data

We do not sell your data. Period. We use it solely to operate the platform. We may look at anonymized, aggregated trends (e.g., "how many clinics use the appointment feature") to improve the product — but this never involves identifiable patient or clinic records.

4. Third-Party Services

To run the platform, we rely on a small set of trusted third-party services. These include cloud hosting providers (such as Vercel, Google Cloud, and Render), payment processors (Stripe or Razorpay), and a transactional email provider. We also use Google Analytics on public pages.

Each of these providers has its own security and privacy standards. We choose providers we trust and only share the data they need to do their job. An up-to-date list of our key service providers is available on request via the platform.

5. Cookies

We use essential cookies to keep you logged in and the platform functional. On public pages, Google Analytics may set cookies to track general usage patterns — no patient data is ever involved. You can disable non-essential cookies in your browser settings, though this may affect some functionality.

6. Data Security

We take security seriously. All data is encrypted in transit (SSL/TLS) and at rest (AES-256). Access to patient records within your clinic is controlled by the Role-Based Access Control (RBAC) settings you manage. We're a small team, so we're hands-on about keeping things locked down — but no system is 100% foolproof, and we won't pretend otherwise.

7. Data Retention

Here's how long we keep data:

  • Active accounts: Data is kept for the life of your subscription.
  • After cancellation: You'll have 30 days to export your data as CSV. After that, it's permanently deleted.
  • Billing records: Kept for up to 7 years for tax and legal purposes.
  • System logs: Deleted after 90 days.

We strongly recommend exporting your data before cancellation if you need it for compliance or record-keeping.

8. Your Rights

Under applicable data protection laws, including India's DPDP Act 2023, you have the right to access, correct, or request deletion of your personal data. You can also request a copy of your clinic data in CSV format at any time.

To exercise any of these rights, reach out to us through the platform's support channel or at support@zidbit.com. We'll do our best to respond promptly.

9. If Something Goes Wrong

If we ever become aware of a security incident that affects your data, we will notify affected clinics without undue delay through the platform's notification channel. We'll be transparent about what happened, what data was involved, and what we're doing to fix it. We're a small team — if something breaks, we'll be the first to tell you.

10. Compliance

We aim to comply with India's Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000. As the platform grows and regulations evolve, we will update our practices accordingly. If you have specific compliance requirements for your region, get in touch and we'll do our best to help.

11. Changes to This Policy

If we make meaningful changes to this policy, we'll let you know through the platform's notification channel before the changes take effect. Continuing to use ZidBit Clinic OS after that means you're okay with the update.

Questions about this policy? Reach us through the platform or at support@zidbit.com.