1. Introduction
Suvera Healthcare Technologies ("Clineeq," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you use our medical practice management platform and related services (collectively, the "Services").
This Privacy Policy applies to:
- Healthcare practices and clinics that subscribe to our Services ("Subscribers" or "Practices")
- Healthcare professionals, staff, and administrators who use our Services ("Users")
- Patients who interact with our Services through patient portals or other features ("Patients")
By using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
Important: If you are a patient, your healthcare provider (the Practice) is the primary data controller/data fiduciary of your medical information. This Privacy Policy describes how Clineeq processes data on behalf of Practices. Your Practice's own privacy practices may differ and should be reviewed separately.
2. Legal Framework
Our privacy practices comply with applicable Indian data protection laws, including:
- Information Technology Act, 2000 and amendments
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
- Digital Personal Data Protection Act, 2023 ("DPDP Act") and Digital Personal Data Protection Rules, 2025 (when fully effective by May 13, 2027)
- Clinical Establishments (Registration and Regulation) Act, 2010
- Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002
- Telemedicine Practice Guidelines, 2020
- Other applicable central and state healthcare regulations
Under these laws, certain categories of personal data are classified as "Sensitive Personal Data or Information" (SPDI) and subject to heightened protection requirements. Health information, medical records, and biometric data constitute SPDI under Indian law.
3. Information We Collect
3.1 Information Collected from Practices and Users
When Practices and Users register for and use our Services, we collect:
Account and Registration Information:
- Practice name, business address, and contact details
- Tax identification numbers (GSTIN, PAN)
- Professional licenses and registration numbers
- User names, email addresses, phone numbers
- Job titles and roles within the practice
- Account credentials (usernames and encrypted passwords)
Business Information:
- Practice specialty and type (e.g., hair transplant, aesthetic clinic)
- Number of providers and staff
- Operating hours and location information
- Billing and payment information (credit card details, bank account information for payments)
- Subscription plan and usage preferences
Usage and Technical Information:
- IP addresses and device identifiers
- Browser type and version
- Operating system information
- Pages viewed and features used
- Session duration and navigation patterns
- Error logs and diagnostic information
- Cookies and similar tracking technologies
3.2 Patient Information Collected on Behalf of Practices
When Practices use our Services to manage patient care, we process the following categories of patient information on their behalf:
Patient Identification Information:
- Full name, date of birth, age, and gender
- Contact information (address, phone, email)
- Emergency contact details
- Government-issued ID numbers (Aadhaar, if provided)
- Unique patient identification numbers assigned by the Practice
Medical and Health Information (SPDI):
- Medical history and health conditions
- Current medications and allergies
- Clinical notes and treatment plans
- Diagnoses and assessment results
- Surgical and procedural records
- Laboratory and test results
- Prescriptions and medication records
- Progress notes and follow-up documentation
- Medical images and photographs (before/after photos, diagnostic images)
- Vital signs and biometric data
Appointment and Scheduling Information:
- Appointment dates, times, and types
- Provider assignments
- Appointment notes and status
- Cancellation and rescheduling history
- Reminder preferences
Billing and Financial Information:
- Invoice and payment records
- Insurance information (if applicable)
- Treatment costs and payment history
- Outstanding balances
Communication Records:
- Messages between patients and healthcare providers
- Video consultation recordings and transcripts
- SMS notifications and communication logs
- Patient portal activity
Consent and Authorization Records:
- Consent forms for treatment
- Privacy notices and acknowledgments
- Authorization for disclosure of health information
- Marketing communication preferences
3.3 Information Collected Automatically
We automatically collect certain information when you use the Services:
Cookies and Similar Technologies:
We use cookies, web beacons, and similar tracking technologies to:
- Authenticate users and maintain sessions
- Remember user preferences and settings
- Analyze usage patterns and improve the Services
- Provide security and fraud prevention
- Deliver relevant content
You can control cookie settings through your browser, but disabling cookies may limit functionality of the Services.
Log and Analytics Data:
- Access times and dates
- Feature usage statistics
- Error reports and crash data
- Performance metrics
- Search queries within the Services
3.4 Information from Third-Party Sources
We may receive information from third-party services integrated with our platform:
- Payment processors: Transaction confirmation and payment status
- SMS/Communication providers (MSG91): Delivery status and phone number validation
- Video consultation providers (Daily.co): Session metadata and quality metrics
- Identity verification services: Validation of professional credentials
- Cloud infrastructure providers (AWS): Server logs and performance data
4. How We Use Information
4.1 Use of Practice and User Information
We use information collected from Practices and Users to:
Provide and Manage the Services:
- Create and maintain user accounts
- Authenticate and authorize access
- Process subscription payments and billing
- Provide technical support and customer service
- Deliver notifications and service updates
Improve and Develop Services:
- Analyze usage patterns to enhance features
- Develop new functionality and services
- Conduct research and analytics
- Test and optimize performance
- Prevent and address technical issues
Communication:
- Send service-related announcements
- Provide customer support responses
- Share product updates and new features
- Send billing and payment notifications
- Deliver educational content and best practices (with consent)
Security and Legal Compliance:
- Detect and prevent fraud and security threats
- Enforce our Terms of Service
- Comply with legal obligations and regulatory requirements
- Respond to legal requests and prevent harm
- Protect the rights and safety of Clineeq, users, and others
Business Operations:
- Conduct internal business analysis
- Manage vendor and partner relationships
- Facilitate business transactions (mergers, acquisitions)
- Generate aggregated, anonymized reports and benchmarks
4.2 Use of Patient Information
We process patient information solely on behalf of and under the instructions of Practices. As a data processor/service provider, we use patient information only to:
- Provide the Services to the Practice as instructed
- Enable healthcare providers to deliver patient care
- Facilitate communication between patients and providers
- Process appointments, billing, and administrative tasks
- Maintain security and prevent unauthorized access
- Comply with legal obligations (e.g., data breach notification)
We do not:
- Use patient health information for our own marketing purposes
- Sell patient information to third parties
- Make automated decisions about patient care
- Share patient information except as described in this Policy or as instructed by the Practice
4.3 Aggregated and De-Identified Data
We may create aggregated, de-identified, or anonymized data from information we collect, including patient information, provided such data cannot reasonably identify any individual or Practice. We may use and disclose this de-identified data for:
- Industry research and analysis
- Healthcare trends and benchmarking
- Product development and improvement
- Publication of statistical insights
- Marketing and promotional purposes
Once data is properly de-identified, it is no longer subject to this Privacy Policy.
5. Legal Basis for Processing (DPDP Act Compliance)
Under the Digital Personal Data Protection Act, 2023, we process personal data based on the following legal grounds:
For Practice and User Data:
- Consent: When you create an account and agree to our Terms and this Privacy Policy
- Contractual Necessity: To perform our contract with you and provide the Services
- Legitimate Interests: For service improvement, security, and business operations
- Legal Obligations: To comply with applicable laws and regulations
For Patient Data:
- Processing on Behalf of Data Fiduciary: We act as a data processor, processing patient data under the instructions of the Practice (data fiduciary)
- Consent Obtained by Practice: The Practice is responsible for obtaining necessary patient consents
- Legal Obligations: Where required by law (e.g., breach notification, lawful government requests)
6. Data Sharing and Disclosure
6.1 When We Share Information
We share personal information only in the following circumstances:
With the Practice (for Patient Data):
Patient information is accessible to the Practice that submitted it and Users authorized by that Practice. Each Practice controls access to its own patient data.
Service Providers and Sub-Processors:
We engage third-party service providers to perform functions on our behalf. These providers have access to personal information only as necessary to perform their functions and are contractually obligated to maintain confidentiality and security.
Our key service providers include:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and storage | All data types | India (Mumbai region) |
| MSG91 | SMS notifications and OTP | Phone numbers, message content | India |
| Daily.co | Video consultations | User names, session metadata | United States |
| Payment Processors | Payment processing | Billing information, transaction data | India |
| Firebase (Google) | Push notifications, authentication | Device tokens, user IDs | India/Global |
Business Transfers:
If we are involved in a merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred to the successor entity. We will provide notice and seek consent if required before such transfer occurs.
Legal Requirements:
We may disclose information when we believe in good faith that disclosure is necessary to:
- Comply with applicable laws, regulations, or legal processes
- Respond to lawful requests from government authorities, law enforcement, or regulatory bodies
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of Clineeq, our users, patients, or others
- Detect, prevent, or address fraud, security, or technical issues
- Respond to medical emergencies where patient safety is at risk
With Your Consent:
We may share information with third parties when you provide explicit consent or direct us to do so.
Aggregated and De-Identified Data:
We may share aggregated, anonymized, or de-identified data that cannot reasonably identify individuals with partners, researchers, or the public.
6.2 What We Do NOT Do
We do NOT:
- Sell personal information to third parties
- Share patient health information for marketing purposes without authorization
- Provide patient lists to pharmaceutical or device companies
- Use patient information for advertising or promotional purposes
- Share information with unauthorized third parties
6.3 Patient's Control Over Sharing
Patients may have rights to restrict sharing of their information. Such requests should be directed to the healthcare Practice, as the Practice controls the use and disclosure of patient information. We will honor sharing restrictions implemented by Practices in the Services.
7. Data Security
7.1 Security Measures
We implement comprehensive administrative, physical, and technical safeguards designed to protect personal information against unauthorized access, loss, destruction, or alteration. Our security measures include:
Technical Safeguards:
- Encryption: Data encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
- Access Controls: Role-based access control (RBAC) applying the principle of least privilege
- Authentication: Multi-factor authentication options for enhanced security
- Network Security: Firewalls, intrusion detection/prevention systems, and DDoS protection
- Vulnerability Management: Regular security scanning and penetration testing
- Monitoring: 24/7 security monitoring and logging of access to sensitive data
- Secure Development: Security code reviews and secure software development practices
Administrative Safeguards:
- Security Policies: Comprehensive information security policies and procedures
- Staff Training: Regular security awareness training for all employees
- Background Checks: Verification of employees with access to sensitive systems
- Access Management: Formal processes for granting, reviewing, and revoking access
- Incident Response: Documented incident response and breach notification procedures
- Vendor Management: Security assessments of third-party service providers
- Compliance Audits: Regular security audits and compliance assessments
Physical Safeguards:
- Data Centers: AWS data centers with physical security controls, environmental protections, and redundancy
- Device Security: Encrypted hard drives and secure disposal of storage media
- Office Security: Restricted access to offices and secure storage of physical records
7.2 Security Standards Compliance
Our security practices align with recognized industry standards, including:
- ISO/IEC 27001:2013 Information Security Management System
- ISO/IEC 27017 Cloud Security
- ISO/IEC 27018 Cloud Privacy
- SOC 2 Type II compliance (through AWS infrastructure)
- EHR Standards for India, 2016
7.3 Data Breach Response
Despite our security measures, no system can guarantee absolute security. In the event of a data breach that compromises personal information:
Our Obligations:
- We will investigate and contain the breach promptly
- We will notify affected Practices without undue delay and within 72 hours when feasible
- We will provide information about the nature and scope of the breach
- We will take steps to mitigate harm and prevent future breaches
- We will cooperate with Practices in meeting their breach notification obligations
- We will notify the Data Protection Board of India as required by law
Practice Obligations:
Practices are responsible for:
- Notifying affected patients as required by applicable law
- Reporting breaches to regulatory authorities (e.g., medical councils, data protection authorities)
- Maintaining their own breach response procedures
Individual Rights:
If you believe your information has been compromised, please contact us immediately at security@clineeq.in.
7.4 Your Security Responsibilities
You can help protect your information by:
- Using strong, unique passwords and changing them regularly
- Enabling multi-factor authentication
- Not sharing account credentials
- Logging out when finished using the Services
- Reporting suspicious activity immediately
- Keeping contact information current for security notifications
8. Data Retention and Deletion
8.1 Retention Periods
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Practice and User Information:
- Account information: Retained while the account is active and for seven (7) years after termination for legal, tax, and audit purposes
- Billing records: Retained for seven (7) years in accordance with Indian tax and accounting requirements
- Support communications: Retained for three (3) years
- Usage logs: Retained for one (1) year
Patient Information:
- Medical records: Retained according to the Practice's retention policy and applicable medical record retention requirements
- Default retention: Unless the Practice specifies otherwise, patient records are retained for ten (10) years from the last interaction, consistent with medical record retention best practices in India
- Communication records: Retained according to the Practice's policy, typically 3-10 years
Specific retention periods may be longer if:
- Required by applicable law (e.g., Clinical Establishments Act requirements)
- Necessary for legal proceedings or regulatory investigations
- Required for child/minor patient records (often retained until majority plus additional years)
- The Practice has specified a different retention schedule
8.2 Data Deletion
Upon Termination:
When a Practice terminates its subscription:
- The Practice has thirty (30) days to export and retrieve all data
- After thirty (30) days, we may delete all data unless the Practice requests extended retention
- Backups may persist for an additional ninety (90) days before permanent deletion
- Some data may be retained longer where required by law or legitimate business purposes
Deletion Methods:
When data is deleted, we use secure deletion methods including:
- Overwriting data storage
- Cryptographic erasure (destroying encryption keys)
- Physical destruction of decommissioned hardware
- Verification of deletion from all systems and backups
Exceptions to Deletion:
We may retain certain information after a deletion request:
- Where required by law (e.g., tax records, legal hold)
- For resolving disputes or enforcing agreements
- For security and fraud prevention
- In aggregated or de-identified form for analytics
- In backup systems for a limited period before permanent deletion
8.3 Patient Rights to Deletion
Patients who wish to request deletion of their information should contact their healthcare Practice. The Practice will assess the request considering:
- Medical necessity and safety considerations
- Legal and regulatory retention requirements
- Legitimate interests in maintaining the medical record
- Patient's rights under applicable data protection laws
Certain information cannot be deleted while active treatment is ongoing or where medical-legal considerations require retention (e.g., adverse event documentation, consent forms).
9. Individual Rights and Choices
9.1 Rights Under Indian Law
Depending on your relationship with our Services and applicable law, you may have the following rights:
Under SPDI Rules and DPDP Act:
Right to Access:
- Obtain confirmation of whether we process your personal data
- Access your personal data in a structured, commonly used format
- Request details about how your data is processed
Right to Correction:
- Request correction of inaccurate or incomplete personal data
- Update your account information
Right to Erasure/Right to be Forgotten:
- Request deletion of personal data when no longer necessary for the purposes collected
- Subject to legal retention requirements and legitimate interests
Right to Withdraw Consent:
- Withdraw consent for processing based on consent at any time
- Does not affect the lawfulness of processing before withdrawal
- May impact our ability to provide certain Services
Right to Data Portability (under DPDP Act):
- Receive personal data in a structured, machine-readable format
- Transmit data to another data fiduciary where technically feasible
Right to Grievance Redressal:
- File a complaint with our designated Grievance Officer
- Escalate complaints to the Data Protection Board of India
Right to Nominate (under DPDP Act):
- Nominate another individual to exercise rights on your behalf in the event of death or incapacity
9.2 How to Exercise Your Rights
For Practices and Users:
To exercise your rights, contact us at:
- Email: privacy@clineeq.in
- Grievance Officer: grievance@clineeq.in
- Through your account settings (for certain rights)
For Patients:
Patients should direct rights requests to their healthcare Practice, as the Practice is the data fiduciary/controller of patient information. We will cooperate with Practices in responding to patient requests.
We will respond to verified requests within:
- Seven (7) days: Acknowledgment of receipt
- Thirty (30) days: Substantive response (may be extended to 60 days for complex requests)
We may request additional information to verify your identity before processing requests.
9.3 Communication Preferences
Marketing Communications:
If you receive promotional emails from us, you may:
- Unsubscribe using the link in the email
- Update preferences in your account settings
- Email us at unsubscribe@clineeq.in
Please note: You cannot opt out of service-related communications (e.g., account notifications, security alerts, billing statements) while using the Services.
SMS Notifications:
To opt out of SMS notifications, reply STOP to any message or update preferences in your account settings. Note that opting out may affect appointment reminders and service functionality.
9.4 Cookie Choices
You can manage cookie preferences through:
- Browser settings (to block or delete cookies)
- Our cookie consent tool (if available)
- Opt-out mechanisms provided by third-party analytics providers
Disabling cookies may limit your ability to use certain features of the Services.
9.5 Limitations on Rights
Certain rights may be limited or denied when:
- Required to comply with legal obligations
- Necessary for establishment, exercise, or defense of legal claims
- Required for public health or safety purposes
- Necessary to protect the rights and freedoms of others
- Processing is for archival or research purposes in the public interest
10. Children's Privacy
The Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children except in the context of pediatric patient care.
Pediatric Patient Information:
When Practices use the Services to treat minor patients (under 18 years), the Practice is responsible for:
- Obtaining appropriate consent from parents or legal guardians
- Complying with applicable laws regarding minors' health information
- Managing access rights and disclosure of minors' information
Parental Rights:
Parents and legal guardians may have rights to access and control their child's health information subject to applicable law and the Practice's policies. Such requests should be directed to the healthcare Practice.
If we become aware that we have collected personal information from a child without appropriate authorization, we will take steps to delete such information promptly.
11. International Data Transfers
11.1 Primary Data Location
Customer Data, including patient information, is primarily stored and processed in India at AWS data centers located in the Asia Pacific (Mumbai) region.
11.2 Limited International Transfers
Certain Services involve limited data transfers outside India:
Video Consultations (Daily.co):
Video session metadata may be processed on Daily.co servers in the United States. Live video and audio are transmitted peer-to-peer when possible; recordings (if enabled by the Practice) may be stored in the US.
Customer Support:
Support tickets and communications may be accessible to support staff globally.
Infrastructure Providers:
AWS and other infrastructure providers may process certain metadata globally for service operation and security purposes.
11.3 Safeguards for International Transfers
When data is transferred outside India, we ensure appropriate safeguards including:
- Standard contractual clauses with data processors
- Ensuring recipients provide adequate data protection
- Limiting transfers to what is necessary for service provision
- Encryption of data in transit and at rest
- Compliance with applicable data transfer regulations under the DPDP Act
11.4 Government Access to Data
We do not provide foreign governments with direct access to data. If we receive a lawful request from a government authority, we will:
- Verify the legality and validity of the request
- Notify affected customers unless prohibited by law
- Disclose only the minimum information required
- Challenge overbroad or improper requests
- Publish transparency reports on government requests (as permitted)
12. Changes to This Privacy Policy
12.1 Right to Modify
We reserve the right to modify this Privacy Policy at any time to reflect changes in:
- Our privacy practices
- Legal and regulatory requirements
- Services and features
- Feedback from users and stakeholders
12.2 Notice of Changes
When we make material changes to this Privacy Policy, we will:
- Update the "Last Updated" date at the top of this Policy
- Post the updated Privacy Policy on our website
- Send email notification to registered account email addresses
- Display a prominent notice when you log into the Services
- For material changes that affect patient data processing, notify Practices at least thirty (30) days in advance
12.3 Acceptance of Changes
Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must discontinue use of the Services and may request deletion of your information.
12.4 Version History
We maintain a version history of this Privacy Policy. Previous versions are available upon request by contacting privacy@clineeq.in.
13. Cookies and Tracking Technologies
13.1 Types of Cookies We Use
Essential Cookies:
Required for the Services to function. These cookies:
- Authenticate users and maintain sessions
- Remember security settings
- Enable core functionality
- Cannot be disabled without affecting service operation
Analytics Cookies:
Help us understand how users interact with the Services:
- Track page views and feature usage
- Identify navigation patterns
- Measure performance and errors
- Inform product improvements
Preference Cookies:
Remember your settings and preferences:
- Language and locale preferences
- Display settings
- Customization choices
Security Cookies:
Help us detect fraud and abuse:
- Identify suspicious activity
- Prevent unauthorized access
- Track security-relevant events
13.2 Third-Party Tracking
We may use third-party analytics and monitoring services, including:
- Google Analytics (subject to Google's privacy policy)
- AWS CloudWatch for infrastructure monitoring
- Error tracking and performance monitoring tools
These services may use cookies and similar technologies. We configure these tools to respect user privacy and limit data collection.
13.3 Managing Cookies
You can control cookies through:
Browser Settings:
Most browsers allow you to:
- View and delete cookies
- Block all cookies or third-party cookies
- Set preferences for specific websites
- Receive notifications when cookies are set
Do Not Track Signals:
We do not currently respond to "Do Not Track" browser signals, as there is no industry consensus on how to interpret such signals.
Opting Out:
To opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout
Note that disabling cookies may affect functionality, requiring you to log in repeatedly or causing you to lose customization settings.
14. Third-Party Links and Services
14.1 Third-Party Websites
The Services may contain links to third-party websites, services, or resources not operated by Clineeq. This Privacy Policy does not apply to third-party sites.
We are not responsible for:
- Privacy practices of third-party sites
- Content or security of external sites
- Collection or use of your information by third parties
We encourage you to review the privacy policies of any third-party sites you visit.
14.2 Third-Party Integrations
If you choose to integrate third-party services with your Clineeq account:
- You authorize data sharing between Clineeq and the third-party service
- The third party's privacy policy governs their use of your information
- You are responsible for reviewing and accepting third-party terms
- You can revoke integrations at any time through account settings
15. Data Protection Officer / Grievance Officer
15.1 Grievance Officer
In accordance with the Information Technology Act, 2000 and DPDP Act requirements, we have appointed a Grievance Officer to address privacy concerns:
Grievance Officer:
- Email: grievance@clineeq.in
- Address: Suvera Healthcare Technologies, Registered Office
Response Timeline:
- Acknowledgment: Within 24 hours of receiving the complaint
- Resolution: Within 30 days (may be extended with notification)
15.2 Filing a Complaint
To file a privacy complaint:
- Send a detailed description of your concern to grievance@clineeq.in
- Include your contact information and relevant details
- Specify the remedy you are seeking
- You will receive an acknowledgment within 24 hours
- We will investigate and respond within 30 days
15.3 Escalation
If you are not satisfied with our response, you may escalate to:
- Data Protection Board of India (once operational under DPDP Act)
- Relevant regulatory authorities (Indian Computer Emergency Response Team, medical councils)
- Consumer forums under the Consumer Protection Act, 2019
16. Specific Rights for California Residents (If Applicable)
While our Services primarily serve Indian healthcare organizations, if we process personal information of California residents, they may have rights under the California Consumer Privacy Act (CCPA).
California residents may contact privacy@clineeq.in to exercise rights including:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information
- Right to deletion of personal information
- Right to non-discrimination for exercising CCPA rights
We do not sell personal information as defined by the CCPA.
17. Contact Information
17.1 Privacy Questions
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:
- Email: privacy@clineeq.in
- Mail: Suvera Healthcare Technologies, Attention: Privacy Officer
17.2 Security Issues
To report security vulnerabilities or incidents:
- Email: security@clineeq.in
17.3 General Inquiries
- Website: https://clineeq.in
- Email: support@clineeq.in
18. Effective Date and Acknowledgment
This Privacy Policy is effective as of January 1, 2026.
By using the Clineeq Services, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and disclosure of your information as described
- If using the Services on behalf of a Practice, you have authority to provide such consent
- You understand your rights and how to exercise them
Appendix A: Definitions
Personal Data / Personal Information: Any information relating to an identified or identifiable individual.
Sensitive Personal Data or Information (SPDI): Includes passwords, financial information, health information, medical records and history, biometric information, sexual orientation, and other categories defined under the SPDI Rules.
Data Fiduciary: The entity that determines the purpose and means of processing personal data (typically the healthcare Practice using our Services). Also referred to as "data controller" in some jurisdictions.
Data Processor: An entity that processes personal data on behalf of the data fiduciary (Clineeq in relation to patient information). Also referred to as "service provider."
Processing: Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, disclosure, or deletion.
Consent: A freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.
De-identification: The process of removing identifying information from data such that individuals cannot reasonably be identified directly or indirectly.
Customer Data: All data, including personal information, uploaded, stored, or processed by Practices and Users through the Services.
Appendix B: Sub-Processors
The following third-party sub-processors have access to personal information in the course of providing services to us:
| Sub-Processor | Service | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and infrastructure | All Customer Data | India (primary), global |
| MSG91 | SMS and OTP services | Phone numbers, SMS content | India |
| Daily.co | Video consultation platform | Names, emails, video/audio content | United States |
| Firebase (Google) | Push notifications, authentication | Device tokens, user IDs | India/Global |
We regularly review our sub-processors and update this list. Practices may request notification of changes to sub-processors by contacting privacy@clineeq.in.
Last Reviewed: December 25, 2025
Next Review Date: January 1, 2027 or upon material changes to privacy laws or practices
