Privacy policy

Last updated: April 23, 2026

This is a template — please have a lawyer review before production use.

1. Introduction

This policy explains what data OCA-Clinic collects, how we use it, and what rights you have. It applies to clinics using our service and their patients whose data is processed through it.

2. Data we collect

Account data (name, email, phone, clinic), patient and clinical data entered by clinic staff, billing data (invoices, payments), and technical data (IP, device, logs).

3. How we use data

To deliver the service, process e-invoices with tax authorities where applicable, send operational communications, provide support, and improve the product.

4. Sharing

We do not sell your data. We share data with sub-processors (hosting, email delivery, tax authority integrations) strictly to provide the service, and when required by law.

5. Retention

We keep data while your account is active and for a limited period after cancellation, then delete or anonymize it unless longer retention is required by law.

6. Security

Encryption in transit and at rest, daily encrypted backups, role-based access control, audit logs. See our Security page for more.

7. Your rights

You can access, export, correct, or request deletion of your data. Contact privacy@oca-clinic.com to exercise these rights.

8. Contact

Questions about privacy? Email privacy@oca-clinic.com.