Privacy Policy
Last updated: 24 May 2026 · Effective: 24 May 2026
1. Introduction
ClinicAI ("we", "our", "us") operates a software-as-a-service clinic management platform designed for aesthetic clinics in Thailand. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA") and other applicable laws.
This policy applies to all users of the ClinicAI platform, including clinic owners, administrators, doctors, and clinic patients whose data is processed through the platform.
2. Data We Collect
We collect the following categories of personal data:
- Clinic staff accounts: Name, email address, username, hashed password, role, and activity logs.
- Patient (clinic client) data: Name, phone number, LINE user ID, date of birth, Thai national ID (optional), treatment history, before/after photos, uploaded files, and satisfaction survey responses.
- Booking data: Appointment date and time, selected doctor, service, deposit payment status.
- Medical records: Consent forms, digital signatures, treatment notes, drug allergies, and underlying health conditions (when entered by clinic staff).
- Financial data: Payment slip images, subscription payments, expense records. We do not store full payment card numbers.
- Technical data: IP addresses, browser type, access logs, and WebSocket session identifiers for security and debugging purposes.
3. Legal Basis for Processing
Under the PDPA, we process personal data on the following legal bases:
- Contractual necessity: Processing required to deliver the clinic management service you have subscribed to.
- Consent: For optional features such as marketing messages, loyalty programmes, and satisfaction surveys. Consent may be withdrawn at any time.
- Legitimate interests: Platform security monitoring, fraud prevention, and service improvement — balanced against your rights.
- Legal obligation: Compliance with Thai healthcare regulations, PDPA record-keeping requirements, and tax reporting obligations.
Sensitive data note: Medical records, health conditions, and treatment photos are considered sensitive personal data under the PDPA. We process this data only on the basis of explicit consent or as otherwise permitted by law for healthcare purposes.
4. How We Use Your Data
- Providing appointment booking, reminders, and clinic management features.
- Sending LINE messages such as booking confirmations, reminders, and loyalty point updates.
- Generating executive dashboards and reports for clinic owners.
- Processing subscription payments and sending billing notifications.
- Sending marketing campaigns to patients — only where explicit consent has been given.
- Detecting and preventing unauthorised access or misuse of the platform.
- Improving platform features and fixing bugs using anonymised, aggregated usage data.
5. Data Sharing and Disclosure
We do not sell personal data. We share data only in the following circumstances:
- LINE Corporation: Patient LINE user IDs and message payloads are processed by LINE's platform under their own privacy policy when the LINE OA integration is active.
- Google: Doctor calendar data is synced to Google Calendar where the doctor has connected their Google account.
- Cloud infrastructure: Our hosting provider processes data under a data processing agreement. All data is stored on servers that meet applicable security standards.
- Legal requirements: We may disclose data to government authorities when required by law, court order, or regulatory obligation.
Each clinic's data is strictly isolated from all other clinics on the platform. No clinic can access another clinic's data.
6. Data Retention
We retain personal data for as long as necessary to provide the service and meet legal obligations:
- Active clinic data is retained for the duration of the subscription.
- Medical records and consent forms are retained for a minimum of 5 years after the last treatment date, as recommended under Thai healthcare guidelines.
- Booking and financial records are retained for 7 years for tax and accounting purposes.
- After a clinic's subscription ends, data is held for 90 days and then permanently deleted, unless longer retention is required by law.
7. Security Measures
We implement industry-standard safeguards to protect personal data:
- All data in transit is encrypted using TLS 1.2 or higher.
- LINE API credentials (channel secret and access token) are encrypted at rest using AES-256-GCM authenticated encryption.
- Admin passwords are hashed using bcrypt with a cost factor of 10 or higher.
- JWT session tokens are signed and expire automatically.
- Role-based access control ensures staff can only access data appropriate to their role.
- Patient consent form PDFs embed a timestamp and a digital signature, and are stored securely.
8. Your Rights Under the PDPA
If you are a data subject whose personal data is processed through our platform, you have the following rights under the PDPA:
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your data where there is no lawful basis for continued processing.
- Right to restriction: Request that we limit the processing of your data in certain circumstances.
- Right to data portability: Receive your data in a structured, commonly used format.
- Right to object: Object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent: Withdraw consent at any time for consent-based processing, without affecting prior processing.
To exercise these rights, please contact the clinic that holds your records directly, or contact us at the address below if your request relates to data we control as the platform provider.
9. Cookies and Local Storage
The ClinicAI admin panel uses localStorage in your browser to store your session token, language preference, and UI settings. No third-party advertising cookies are placed on any ClinicAI page. The landing page does not set cookies.
10. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify clinic administrators by email. Continued use of the platform after changes constitutes acceptance of the updated policy.