Data Deletion Policy

Effective Date: 18 Aug 2025
Last Updated: 19 Nov 2025

At Doxmate, we respect patient privacy, healthcare confidentiality, and user rights. This Data Deletion Policy explains how clinics, hospitals, administrators, and patients can request deletion of personal data stored or processed by Doxmate.

Doxmate is owned and operated by Brainox Tech.

This policy applies to all Doxmate services, including account signup, dashboard usage, WhatsApp Cloud API communication, and appointment workflows.

1. Who This Policy Applies To

This policy covers data deletion requests from:

  • Clinics and hospitals using Doxmate

  • Clinic administrators and staff

  • Patients whose appointment data appears within Doxmate

  • Any user interacting with Doxmate services

Hospitals and clinics are typically the data controllers of patient data; Doxmate acts as a data processor.

2. Types of Data We Can Delete

Doxmate may process the following, which can be deleted upon valid request:

A. Patient Appointment Data

  • Patient name

  • Phone number

  • Appointment dates/times

  • Rescheduling logs

  • Reminder delivery data

B. Clinic / Staff Data

  • Admin user accounts

  • Staff phone numbers, emails, and roles

  • Clinic configuration and business details

C. WhatsApp Cloud API Data

  • Administrative message content used for appointment workflows

  • Messaging metadata (timestamps, delivery/read receipts)

D. System & Usage Logs

  • Access logs

  • Error logs

  • API usage logs

Some logs may not be deletable if required for:

  • Legal compliance

  • Financial reporting

  • Security investigation

3. Data We Do NOT Store

Doxmate does not store:

  • Medical records

  • Prescriptions

  • Diagnoses

  • Lab results

  • Treatment histories

  • Sensitive health data

Therefore, no deletion request is required for such data.

4. How to Request Data Deletion

Submit a deletion request through:

📩 privacy@brainoxtech.com
📩 support@doxmate.in

Subject: Data Deletion Request

Requests must include:

  • Full name or clinic/hospital name

  • Registered email or phone number

  • Description of data to be deleted

  • Proof of identity or authorization (for clinics/staff)

Clinics requesting patient data deletion must confirm they have the authority.

5. Verification Process

Doxmate will verify all deletion requests to prevent unauthorized access:

  • We verify identity via registered email or phone

  • Clinics may need to confirm patient data deletion requests

  • Patients may need to provide appointment details

Only verified requests will be processed.

6. Deletion Timeline

Upon a valid request:

  • Initial response: within 7 business days

  • Deletion from active systems: within 30 days

  • Encrypted backups: may retain data for up to 30 additional days before automated purge

  • Confirmation email will be sent once deletion is completed

Legal obligations may extend timelines.

7. WhatsApp Cloud API Data

For WhatsApp communication:

  • Messages are encrypted in transit

  • We only store minimal message content required for workflows

  • Completed workflow data may be deleted automatically or retained per clinic settings

Upon a deletion request, we erase all WhatsApp message logs unless Meta requires retention for:

  • Fraud prevention

  • Security investigation

  • Audit purposes

8. Limitations & Exceptions

We may retain data when legally required, including:

  • Billing or financial records

  • Security audit logs

  • Data required for dispute resolution

  • Logs required by Meta/WhatsApp policies

Such retention will be limited to the minimum duration required by law.

9. Deletion by Clinic Administrators

Clinic admins may request:

  • Staff account deletion

  • Patient record deletion

  • Appointment history removal

  • Full clinic data deletion (offboarding)

Before full offboarding, we may require:

  • Authorization from clinic owner

  • Settlement of outstanding invoices

  • Confirmation that no legal obligations prevent deletion

10. Offboarding & Full Account Termination

When a clinic permanently leaves Doxmate:

  • All patient schedules, chat logs, and clinic data are deleted or anonymized

  • Backups purge automatically after retention window

  • WhatsApp API tokens and phone number connections are revoked

  • Dashboard access is removed

We will send a Final Data Deletion Confirmation.

11. Your Rights (Patients & Clinics)

Depending on your region, you may have additional rights such as:

  • Right to access

  • Right to correct

  • Right to delete

  • Right to restrict processing

  • Right to data portability

  • Right to object

  • Right to lodge a complaint

We honor these rights where required by GDPR, CCPA, and relevant regulations.

12. Contact Information

For deletion requests or privacy concerns:

Doxmate (by Brainox Tech)
📧 Data Privacy: privacy@brainoxtech.com
📧 Support: support@doxmate.in
🌐 Website: https://www.doxmate.in
🏢 Brainox Tech: https://www.brainoxtech.com