Privacy Policy for clinic2u

Effective Date: November 7, 2025

This Privacy Policy describes how clinic2u (referred to as "we," "us," or "our") collects, uses, processes, and shares the information we collect from users (referred to as "you" or "user") of our mobile application/website, clinic2u (the "Service").

We take your privacy seriously and are committed to complying with all applicable data protection laws, including the Google API Services User Data Policy.

1. Information We Collect

We collect information directly from you when you use our Service. This information generally falls into two categories:

A. Information You Provide Directly

This includes information you enter when setting up an account or using specific features:

Account Details: Your name, email address, and profile picture (if provided).
User Content: Any content you create, upload, or share through the Service.
Contact Information: Information provided when you contact us for support.

B. Google User Data (Information Collected via Google APIs)

When you choose to sign in or connect your Google Account (the clinic's dedicated email) to our Service, you authorize us to access specific data from your Google Account. We only request the minimum scopes necessary for the Service's core functionality.

The specific Google User Data we access, use, store, and/or transmit is:

Data Type (Scope)	Purpose of Collection and Use	Core Feature it Supports
Google User Profile (Name, Email, Picture)	Used for user authentication, personalization of the Service, and sending essential service-related communications.	Account creation and sign-in.
Google Drive File Access (e.g., via drive.file scope)	Used to securely upload client documents (uploaded by the clinic) directly into the clinic's dedicated Google Drive folder, and to allow the clinic to retrieve those files within the app interface. The app acts as a secure conduit; it does not store copies.	Client Document Management and Secure Upload.

If we utilize any "Restricted Scopes" (such as accessing the body of Gmail messages, sending emails, or managing all files in Drive): We explicitly state that access is only used for the prominent, user-facing features described above and is subject to the strictest use limitations as defined in the Google API Services User Data Policy.

2. How We Use Your Information

We use the information we collect solely for the following purposes:

To Provide the Service: To operate, maintain, and enhance the functionality of clinic2u and deliver the core features you have requested.
Authentication and Account Management: To verify your identity and manage your user account.
Communication: To send you technical notices, updates, security alerts, and support and administrative messages.
Monitoring and Improvement: To analyze usage trends and metrics to diagnose technical problems and improve the performance and features of our Service.
Legal Compliance: To comply with legal obligations and enforce our Terms of Service.

3. Compliance with Google API Services User Data Policy

Our use of information received from Google APIs adheres strictly to the Google API Services User Data Policy.

A. Limited Use and Transfer

We will use the Google User Data accessed via Google APIs only for the purposes explicitly stated in Section 1 and 2 above.

DATA SHARING AND SEGREGATION: The application does not share client documents or Google user data with any third parties. Access to the Google Drive is strictly limited to the authenticated clinic user who owns the Drive account. No external parties, including app administrators or other clinics, can view or access this data.

WE DO NOT AND WILL NOT:

Use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising.
Use or transfer the data to determine creditworthiness or for any other lending purposes.
Use or transfer the data for sale or rent.

Data transfer to third parties is heavily restricted and only occurs:

As necessary to provide or improve the Service's core features (e.g., using Google's Firebase Firestore for basic application data, but never client documents).
To comply with legal obligations.
As part of a merger, acquisition, or sale of assets (in which case you will be notified).

B. Human Review Restrictions (For Restricted Scopes)

Human access to any restricted scope data (such as Google Drive File content or Gmail body) is strictly prohibited, except in the following, limited circumstances:

If we obtain your prior, explicit consent for specific security, privacy, or legal reasons (e.g., investigating a security incident or complying with a legal subpoena).
When the data has been anonymized, aggregated, and used for internal operations, such as developing and improving generalized models or features, and cannot be traced back to an individual user.

4. How We Store and Protect Your Information

We employ industry-standard administrative, technical, and physical safeguards to protect your personal data, including Google User Data, from loss, theft, unauthorized access, disclosure, alteration, and destruction.

CRITICAL DATA STORAGE METHOD: Client documents are stored exclusively within each clinic's own Google Drive account. The application does not store or duplicate any of the documents on its own servers. All access to Google Drive is handled through Google's official authentication and encryption protocols, ensuring secure transmission and storage.

Encryption: Data is encrypted both during transmission (using SSL/TLS) and when stored at rest.
Access Control: Access to your data is strictly limited to employees, contractors, and agents who need to know that information to process it for us and who are subject to strict contractual confidentiality obligations.
Firebase/Firestore: We utilize Google's Firebase Firestore database for persistent storage of application metadata (e.g., user preferences), which follows Google's robust security and compliance standards.

5. Data Retention

Client documents are stored directly in the clinic's Google Drive, meaning data retention is fully managed by the clinic itself. The application does not retain or archive any user documents. Clinics have full control over their Drive contents and can delete files at any time using Google Drive's native tools. If you delete your app account, we will initiate the deletion of non-document application metadata (like preferences and account details) from our systems within 90 days, except where retention is necessary for legal purposes.

6. Your Data Rights and Choices

Depending on your location and the data we collect, you may have the following rights:

Access: The right to request copies of your personal data.
Correction/Update: The right to request that we correct any information you believe is inaccurate or incomplete.
Deletion (Erasure): The right to request that we delete your personal data.
Withdraw Consent/Revoke Access: You can revoke clinic2u's access to your Google Account at any time by visiting the Google Security Settings page and removing the application from the list of authorized services.

7. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, especially those that affect our use of Google User Data, we will notify you by updating the date at the top of the policy, placing a prominent notice on our website or within the app, and/or sending you an email notification.

8. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Company Name: clinic2u
Mailing Address: shalom.taib@gmail.com