Privacy Policy
Last updated: 1 March 2026
1. Controller
Clinika OS is operated by Lopes2Tech. For questions about this policy, contact us at privacy@clinika-os.ch.
2. Data We Collect
We collect the following categories of personal data:
- Account data: email address, clinic name, and billing information provided during sign-up.
- Patient booking data: first name, last name, phone number, and appointment details submitted via the public booking form.
- Usage data: pages visited, features used, and error logs (via Sentry), used solely to improve the service.
- Cookies: a session cookie for authentication and a language-preference cookie (preferred-language). No third-party advertising cookies are set.
3. Legal Basis (GDPR)
- Contract performance (Art. 6(1)(b)): processing necessary to provide the subscription service.
- Legitimate interests (Art. 6(1)(f)): security monitoring, fraud prevention, and service reliability.
- Consent (Art. 6(1)(a)): optional analytics and marketing cookies, where applicable.
4. How We Use Your Data
- Providing, maintaining, and improving the Clinika OS platform.
- Sending appointment reminder emails on behalf of clinics.
- Processing subscription payments via Stripe.
- Detecting and preventing security incidents.
5. Data Sharing
We do not sell personal data. We share data only with sub-processors strictly necessary to deliver the service:
- Supabase (database hosting, EU region)
- Stripe (payment processing)
- Resend (transactional email)
- Sentry (error monitoring)
- Upstash (rate-limiting cache, EU region)
6. Data Retention
Account data is retained for the duration of the subscription plus 90 days. Appointment records are retained for 7 years to comply with healthcare record-keeping requirements unless a shorter period is requested. Error logs are purged after 30 days.
7. Your Rights
Under the GDPR and Swiss nDSG you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. To exercise these rights, email privacy@clinika-os.ch. We will respond within 30 days.
8. Security
Data is encrypted at rest and in transit (TLS 1.2+). Access to production databases is restricted to authorised personnel and enforced by row-level security policies.
9. Cookies
We use strictly necessary cookies only (session authentication and language preference). You can disable cookies in your browser settings; however, authentication will not function without the session cookie.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated by email to account holders at least 14 days before taking effect.
11. Contact & Complaints
For privacy enquiries: privacy@clinika-os.ch.
You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.