Privacy Policy
Last updated: May 2026
Your privacy is important to us. This Privacy Policy explains how Clinix Healthcare ("Clinix", "we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use our mobile application, web dashboard, and website, in accordance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia.
1. Information We Collect
We collect the following types of information when you use Clinix:
1.1 Personal Information
- Full name (first name and last name)
- Email address
- Mobile phone number (Saudi Arabia +966 format)
- Date of birth
- Gender
- Country, city, and address (optional)
- Profile photo or avatar
- Country of residence
1.2 Health and Medical Information
- Appointment records (dates, times, status, booking notes, cancellation reasons)
- Diagnosis information and clinical notes
- Prescriptions (medication names, dosages, frequency, duration)
- Medical reports and free-text clinical notes
- Radiology results and medical imaging files (PDF, PNG, JPG, JPEG, DICOM)
- Doctor and specialization selections
- Multi-session treatment package information
- Medical service selections and visit types
1.3 Location Information
- GPS coordinates (latitude and longitude)
- Reverse-geocoded address via Google Maps API
- Distance calculations between your location and clinic branches
1.4 Financial Information
- Invoice records (invoice ID, amount, status, currency in SAR)
- Service pricing information (regular and discounted prices)
- Payment history and downloadable PDF invoices
Note: Clinix does not collect, store, or process credit card numbers, bank account details, or other payment instrument data. Payments are handled offline at the clinic or through external means.
1.5 Device and Technical Information
- Device type and operating system
- IP address and browser type (for web users)
- Firebase Cloud Messaging (FCM) token for push notifications
- App usage data and interaction patterns
1.6 Clinic and Provider Information (for healthcare professionals)
- Clinic name, address, and logo
- Branch information (name, address, GPS coordinates, operating hours)
- Doctor professional details (bio, license number, years of experience, education, consultation fee)
- Employee information (leave requests, shift schedules)
- Medical services, specializations, and departments offered
2. How We Collect Information
- Directly from you: When you register an account, complete your profile, book appointments, upload medical documents, or contact us through our website contact form.
- Automatically: When you use our mobile app (location data, device information, FCM tokens) or visit our website (IP address, browser type).
- From healthcare providers: When doctors or clinic staff create appointments, add prescriptions, upload medical reports, or update your medical records.
- From third-party services: Google Maps API for location services and reverse geocoding.
3. Legal Basis for Processing
Under the Personal Data Protection Law (PDPL) of Saudi Arabia, we process your personal data based on the following legal grounds:
- Consent: By creating an account and using Clinix, you consent to the collection and processing of your personal data as described in this policy.
- Contractual necessity: Processing is necessary to provide the healthcare management services you have requested, including appointment booking, medical record management, and communication with healthcare providers.
- Legal obligation: Processing may be required to comply with applicable healthcare regulations and laws in the Kingdom of Saudi Arabia.
- Legitimate interests: Processing for improving our services, ensuring platform security, and communicating important service updates.
4. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your Clinix account
- To facilitate appointment booking, scheduling, and management
- To store and manage your medical records, prescriptions, and radiology results
- To send appointment reminders via email and push notifications (24 hours, 2 hours, and 15 minutes before appointments)
- To generate and manage invoices for medical services
- To enable communication between patients and healthcare providers
- To display clinic and branch locations on maps
- To calculate distances between your location and nearby clinic branches
- To send service-related notifications and updates
- To process and respond to your inquiries submitted through our contact form
- To improve and optimize our services and user experience
- To maintain platform security and prevent fraud
- To comply with legal obligations under Saudi Arabian law
5. How We Store and Protect Your Information
5.1 Data Storage
- Server-side: Your data is stored in secure databases (MySQL or PostgreSQL) hosted on our servers at clinix.site.
- File storage: Medical documents, radiology files, and images are stored on our servers and in Firebase Storage (clinix-737af.firebasestorage.app).
- On-device (mobile app): Authentication tokens are stored in Flutter Secure Storage (encrypted). App data is cached locally using Hive NoSQL database with AES encryption.
- On-device (web dashboard): Authentication tokens and user preferences are stored in your browser's localStorage, which is scoped to the dashboard's origin but is not encrypted by the browser.
5.2 Security Measures
- All data transmission between your device and our servers is encrypted using HTTPS/TLS
- Authentication tokens are stored using platform-specific secure storage mechanisms (Keychain on iOS, EncryptedSharedPreferences on Android)
- Local database (Hive) uses AES encryption with keys derived from your authentication token
- Role-based access control (RBAC) ensures users can only access data appropriate to their role
- API endpoints are protected by JWT authentication and ownership verification middleware
- Security headers are enforced using Helmet middleware
- Rate limiting is applied to sensitive endpoints (OTP, contact form)
- Accounts can be suspended to block unauthorized access
5.3 Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. If you request account deletion, we will:
- Perform a soft delete (marking your data as deleted) and schedule a permanent deletion date
- Send you a reminder email 24 hours before the scheduled permanent deletion
- Permanently delete your data on the scheduled deletion date through a cascade deletion process that removes your account and the records linked to it
6. Sharing Your Information
We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:
- With healthcare providers: Your medical information is shared with the doctors, clinics, and branches you interact with through Clinix to facilitate your healthcare services.
- With service providers: We share data with trusted third-party service providers who help us operate Clinix, including:
  - Firebase (Google) for push notifications and file storage
  - Google Maps for location services and geocoding
  - Zoho for email delivery (OTP and appointment reminders)
- When required by law: We may disclose your information if required to do so by law, regulation, legal process, or governmental request in the Kingdom of Saudi Arabia.
- To protect our rights: We may share information to enforce our Terms of Service, protect our security, or prevent fraud.
- With your consent: We may share your information with third parties when you have given us explicit consent to do so.
7. Your Rights Under PDPL
Under the Personal Data Protection Law (PDPL) of Saudi Arabia, you have the following rights regarding your personal data:
- Right to be informed: You have the right to know what personal data we collect about you and how it is used, as described in this policy.
- Right of access: You can request a copy of your personal data held by Clinix.
- Right to correction: You can request the correction of any inaccurate or incomplete personal data through your profile settings or by contacting us.
- Right to deletion: You can request the deletion of your personal data. You can initiate this through the account deletion feature in the mobile app or by contacting us.
- Right to object: You can object to the processing of your personal data for certain purposes.
- Right to restrict processing: You can request that we limit how we use your personal data.
- Right to data portability: You can request your personal data in a structured, commonly used format.
To exercise any of these rights, please contact us at the email address provided in the "Contact Us" section below. We will respond to your request within the timeframe required by PDPL.
8. Children's Privacy
Clinix is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information.
9. International Data Transfers
Your personal data may be transferred to and processed in countries other than the Kingdom of Saudi Arabia, including where our service providers (such as Firebase/Google) operate. We ensure that such transfers comply with the requirements of the PDPL and that appropriate safeguards are in place to protect your data.
10. Cookies and Tracking Technologies
Our website and web dashboard use cookies and similar tracking technologies to:
- Maintain your login session
- Remember your preferences and settings
- Improve your browsing experience
You can adjust your browser settings to refuse cookies, but this may affect your ability to use certain features of our website. Our mobile app does not use cookies but may use similar local storage technologies for the same purposes.
11. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by posting a notice on our website, sending you an email, or displaying a notification within the Clinix app. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: