Privacy Policy
Effective Date: 18 Aug 2025
Last Updated: 15 Nov 2025
Doxmate is an AI-powered healthcare appointment automation platform operated by Brainox Tech (“we”, “our”, or “us”). This Privacy Policy explains what personal data we collect when hospitals, clinics, staff, and patients use Doxmate; why we collect it; how we use and share it; and the rights available to users.
This Policy applies to data collected via https://www.doxmate.in, embedded signup flows, dashboards, APIs (including WhatsApp Cloud API), and all Doxmate services.
By using Doxmate or creating an account, you agree to this Privacy Policy.
1. Scope & Who This Policy Covers
This Policy applies to:
Patients receiving appointment-related messages
Clinic/hospital staff who use Doxmate
Administrators who sign up clinics via our embedded signup
Any user interacting with Doxmate’s platform
Clinics/hospitals are typically the data controllers of patient appointment data. Doxmate acts as a data processor, processing data only on their instructions.
2. Summary (What We Collect & Why)
| Data Type | Purpose |
|---|---|
| Contact data (names, emails, phone numbers) | Creating accounts, communicating |
| Appointment data | Scheduling, reminders, workflow automation |
| WhatsApp message content (administrative only) | Completing booking/rescheduling |
| Account & billing data | Payments, subscription management |
| Usage logs | Analytics, debugging, platform improvement |
| Support messages | Troubleshooting and customer support |
We do NOT collect medical records or sensitive health information unless you explicitly choose to provide it (discouraged).
3. Information We Collect (Detailed)
A. Data you or your organisation provide
Clinic/hospital details (name, address, timing, practitioners)
Admin/staff accounts (name, phone, email, password)
Patient appointment details (name, phone, date/time, notes for scheduling)
Billing and invoicing information
B. Automatically collected data
IP address, device information
Cookies and similar technologies
API usage, message delivery logs
Error logs and performance diagnostics
C. WhatsApp Cloud API Data
We process:
Message content needed to complete the appointment workflow
Message status (delivered, read, failed)
We do not use WhatsApp content for any other purpose.
D. Sensitive Medical Data (Not Allowed)
Doxmate is for administrative scheduling only.
Do not upload:
Diagnosis
Lab reports
Prescriptions
Test results
Clinical notes
Submitting such data is at your own discretion and responsibility.
4. Legal Basis (GDPR/International)
We process data based on:
Contractual necessity
Legitimate interests (security, fraud prevention, analytics)
Consent (marketing messages only)
Legal compliance
Hospitals/clinics are responsible for obtaining their patients’ consent where required.
5. How We Use Personal Data
We use data to:
Provide appointment scheduling, confirmations, and reminders
Manage clinic/staff accounts
Authenticate users and secure the platform
Process payments and invoices
Deliver customer support
Improve system performance
Comply with legal obligations
We do not use patient data for automated medical advice or profiling.
6. Embedded Signup (Special Notes)
During embedded signup, we:
Collect administrator identity and contact details
Request clinic information
Record acceptance of Terms & Privacy Policy
Validate authority to represent the healthcare organisation
The clinic becomes the data controller upon onboarding.
7. Third Parties & Subprocessors
We use trusted service providers including:
Messaging: Meta / WhatsApp Cloud API
Hosting & Infrastructure: AWS (ISO/SOC-certified infrastructure)
Payments: PCI-compliant processors (Stripe, Razorpay, etc.)
Analytics/Monitoring: Google Analytics, error monitoring tools
Subprocessors must adhere to strict contractual and security obligations.
8. Cross-Border Data Transfers
Data may be stored in international locations depending on AWS regions.
Where required, we use Standard Contractual Clauses (SCCs) and equivalent protections.
9. Data Retention & Deletion
Patient appointment data: stored as long as the clinic account is active
Account & billing data: stored as required for financial/legal compliance
Backups: retained up to 30 days
Logs: retained for operational and security needs
Deletion requests are honored within 30 days, subject to legal retention rules.
10. Security Measures
Encryption in transit (TLS) & at rest (AES-256)
Role-based access controls
Multi-Factor Authentication for admins
Regular security testing and monitoring
Breach notification according to applicable laws
11. Your Rights
Depending on your region, you may have rights to:
Access your data
Correct inaccurate data
Delete data
Restrict processing
Portability
Object to processing
Withdraw consent
Requests: privacy@brainoxtech.com
We verify identities before processing requests.
12. Marketing Communication
Appointment messages → operational (no marketing consent needed)
Marketing updates → only sent with consent
Clinics must not use Doxmate to send promotional WhatsApp messages without patient opt-in
13. Cookies & Tracking
We use cookies for:
Authentication
Analytics
Performance
Users can manage cookies through their browser.
14. AI & Automated Processing
Doxmate uses AI for administrative workflows (appointment routing, reminders).
AI does not provide medical advice.
Clinics are responsible for clinical decisions.
You may request human review of an automated action by contacting support.
15. Minors
Doxmate is not intended for children under 16.
Clinics must obtain parental consent when entering minor data.
16. Changes to This Policy
We may update this Policy.
The “Last Updated” date will reflect changes.
Significant updates may require re-consent depending on local law.
17. Contact (DPO & Support)
Data Protection Office – Brainox Tech (Doxmate)
📧 privacy@brainoxtech.com
📧 support@doxmate.in
🌐 https://www.doxmate.in
🌐 https://www.brainoxtech.com
You may request our DPA (Data Processing Agreement) or subprocessor list.