Try Doxmate

Data Deletion Policy 

 

Effective Date: 18 Aug 2025
Last Updated: 13 Nov 2025

At Doxmate, we respect patient privacy, healthcare confidentiality, and user rights. This Data Deletion Policy explains how clinics, hospitals, administrators, and patients can request deletion of personal data stored or processed by Doxmate.
Doxmate is owned and operated by Brainox Tech.

This policy applies to all Doxmate services, including signup, dashboard usage, WhatsApp Cloud API communication, and appointment workflows.

1. Who This Policy Applies To

This policy covers data deletion requests from:

  • Clinics and hospitals using Doxmate
  • Clinic administrators and staff
  • Patients whose appointment data appears within Doxmate
  • Any user interacting with Doxmate services

Hospitals and clinics are generally the data controllers of patient data; Doxmate acts as a data processor.

2. Types of Data We Can Delete

Doxmate may process the following data types, all of which can be deleted upon valid request:

A. Patient Appointment Data

  • Patient name
  • Phone number
  • Appointment dates/times
  • Rescheduling logs
  • Reminder delivery data

B. Clinic/Staff Data

  • Admin user accounts
  • Staff phone numbers, emails, and roles
  • Clinic configuration and business data

C. WhatsApp Cloud API Data

  • Message content (only administrative messages used for booking/rescheduling)
  • Messaging metadata (timestamps, delivery/read receipts)

D. System & Usage Logs

  • Access logs
  • Error logs
  • API usage logs

Not deletable if required for legal compliance, e.g., financial records, audit logs, or security investigations.

3. Data We Do NOT Store

For clarity, Doxmate does not store:

  • Medical records
  • Prescriptions
  • Diagnoses
  • Lab results
  • Treatment histories
  • Sensitive health details

Therefore, no deletion is required for such data.

4. How to Request Data Deletion

Anyone wishing to request deletion may do so via:

privacy@brainoxtech.com
OR
 support@doxmate.in
Subject: Data Deletion Request

Requests must include:

  1. Full name OR clinic/hospital name
  2. Registered email or phone number
  3. Description of the data to be deleted
  4. Proof of identity or authorization (for clinics/staff)

Clinics submitting patient deletion requests must ensure they have the proper authority to do so.

5. Verification Process

To prevent unauthorized deletion:

  • We verify requester identity via email or phone
  • Clinics may be asked to confirm authority for deleting patient data
  • Patients may be asked for appointment details to confirm identity

Only verified requests will be processed.

6. Deletion Timeline

Upon a valid request:

  • Initial response: within 7 business days
  • Data deletion from active systems: within 30 days
  • Encrypted backups: may retain data for up to 30 additional days before automated purge
  • Full deletion confirmation email sent once the process is complete

Legal or regulatory obligations may extend these timelines.

7. WhatsApp Cloud API Data

For WhatsApp-based appointment communication:

  • Messages are encrypted in transit
  • We retain only minimal message content required to complete scheduling workflows
  • Once workflow is complete, data may be:
    • Automatically deleted, or
    • Retained according to clinic settings

If a deletion request is submitted, we will erase all associated WhatsApp message logs except where Meta requires retention for fraud prevention or audit purposes.

8. Limitations & Exceptions

We may retain certain data where legally necessary, including:

  • Financial/billing records
  • Security audit logs
  • Records required for dispute resolution
  • Data needed to enforce Terms of Use
  • Logs necessary to comply with Meta/WhatsApp policies

Such retention is limited to the extent required by law.

9. Deletion by Clinic Administrators

A clinic administrator may request:

  • Staff account removal
  • Patient record deletion
  • Appointment history removal
  • Deletion or anonymization of entire clinic data (in case of offboarding)

Before full clinic offboarding, we may require:

  • Written authorization
  • Settlement of any outstanding invoices
  • Confirmation that no legal obligations require retention

10. Offboarding & Full Account Termination

When a clinic permanently stops using Doxmate:

  • All patient schedules, chat logs, and clinic data are deleted or anonymized
  • Backups are purged automatically after the backup retention window
  • WhatsApp API tokens and connected numbers are revoked
  • Access to dashboards is removed

We will provide the clinic with a Final Data Deletion Confirmation.

11. Your Rights (Patients & Clinics)

Depending on your location, you may have additional legal rights:

  • Right to access
  • Right to correct
  • Right to delete
  • Right to restrict processing
  • Right to portability
  • Right to object
  • Right to lodge a complaint

We honor these rights where required by applicable laws like GDPR, CCPA, or HIPAA principles.

12. Contact Information

For requests, questions, or concerns regarding data deletion:

Doxmate (by Brainox Tech)
 Data Privacy: privacy@brainoxtech.com
 Support: support@doxmate.in
 Website: https://www.doxmate.in
 Brainox Tech: https://www.brainoxtech.com

AI
💬 Riva - AI Consultant