Privacy Policy | Code Clinic

Code Clinic Dental Clinic (“we”, “our”, or “us”) operates the Code Clinic dental management platform accessible at codeclinicemr.com. This Privacy Policy explains how we collect, use, store, and protect the personal and medical information of patients, staff, and other users of our system.

By using the Code Clinic platform, you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us at [email protected].

1. Information We Collect

We collect the following categories of information:

Patient information: Full name, date of birth, gender, contact number, address, next-of-kin details.
Medical & dental records: Diagnosis history, treatment plans, prescriptions, dental charts, X-ray references, clinical notes, and visit summaries.
Appointment data: Booking dates and times, assigned doctor, service type, appointment status, and attendance history.
Account credentials: Email address and hashed passwords for staff accounts. Patients do not create login accounts.
Usage data: IP address, browser type, pages visited, and timestamps — collected automatically for security and system monitoring.

2. How We Use Your Information

We use the information collected solely for the following purposes:

Delivering and managing clinical care and appointment scheduling.
Sending appointment reminders and health communications via WhatsApp and SMS.
Syncing appointments to staff calendars via Google Calendar integration.
Generating internal clinical reports for administrative and billing purposes.
Improving the security, reliability, and functionality of the platform.
Complying with applicable Ugandan health and data protection regulations.

We do not sell, rent, or share patient data with third parties for marketing purposes.

3. Data Storage & Security

All data is stored on secure servers operated by DigitalOcean LLC, located in Frankfurt, Germany, within the European Union. DigitalOcean maintains ISO 27001-certified data centres with physical and logical security controls.

We protect your data through:

Encrypted connections (HTTPS/TLS) for all data in transit.
Database access restricted to authorised application services only.
Role-based access controls — staff can only access data relevant to their role.
Regular backups to prevent data loss.
Passwords stored using strong one-way hashing (bcrypt).

4. Third-Party Services

We integrate with the following third-party services to deliver core functionality:

Google Calendar: Used by clinic staff to sync appointment schedules. Only appointment title, date, time, and assigned doctor are shared. Google’s privacy policy applies.

WhatsApp (Meta): Used to send appointment confirmations, reminders, and follow-up messages to patients using their registered phone numbers. Messages are sent via WhatsApp Business API.

Africa’s Talking: Used to send SMS appointment reminders to patients without WhatsApp. Only the patient’s phone number and message content are shared.

Cloudflare R2: Used for secure storage of audio recordings from voice-assisted clinical notes. Recordings are encrypted at rest and accessible only to authorised staff.

Each third-party provider operates under its own privacy policy. We do not permit these providers to use your data for any purpose other than delivering the service.

5. Data Retention

Patient medical records are retained in accordance with Ugandan health regulations. Clinical records are kept for a minimum of 10 years from the date of last treatment. Staff account data is retained for as long as the account remains active, plus 12 months after deactivation for audit purposes.

Appointment reminder messages and system logs are retained for up to 12 months.

6. Patient Rights

As a patient, you have the right to:

Access — request a copy of the personal and medical data we hold about you.
Correction — request that inaccurate or incomplete data be corrected.
Deletion — request deletion of your data, subject to legal retention requirements.
Objection — object to specific uses of your data, such as WhatsApp communications.

To exercise any of these rights, contact us at [email protected]. We will respond within 14 days.

7. Cookies & Local Storage

The Code Clinic web application uses browser local storage (not cookies) to remember your theme preference and keep you logged in during your session via a secure authentication token. No tracking or advertising cookies are used.

8. Children’s Privacy

Our clinic treats patients of all ages, including minors. Records for patients under 18 are created and managed by authorised clinic staff on behalf of the patient’s guardian. We do not knowingly collect information directly from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Continued use of the platform after any changes constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

Code Clinic Dental Clinic Kamwokya, Kampala, Uganda
Email: [email protected]