Privacy Policy
AmrioxClinic collects clinic and patient information solely to provide our appointment booking and management service. We use WhatsApp (via Meta's Business API) to send automated booking reminders to patients who have provided their phone number. We do not sell your data. Patients can opt out of WhatsApp messages at any time. This policy explains what we collect, why, and how you can control your information.
Introduction
AmrioxClinic ("we", "us", or "our") is a Software-as-a-Service (SaaS) clinic management platform operated in Pakistan. We provide tools for clinics to manage appointments, staff, patient records, and automated notifications including WhatsApp messaging.
This Privacy Policy explains how we collect, use, store, and share personal information when you use our platform — whether you are a clinic owner, a clinic staff member, or a patient booking an appointment.
By using AmrioxClinic, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform and contact us to have your data removed.
Data We Collect
We collect different categories of information depending on your role:
Clinic Owners and Staff:
- Full name and email address
- Phone number and WhatsApp number
- Clinic name, address, city, and country
- Specialisation, working hours, and services offered
- Subscription and billing details (plan, payment dates — no card numbers stored)
- Account credentials (email address and hashed password)
Patients and Customers:
- Full name and phone number (provided when booking)
- Email address (optional, if provided)
- Appointment details: date, time, service, doctor, and status
- Visit notes added by clinic staff
Technical Data (collected automatically):
- IP address and browser type (standard server logs)
- Session data required to keep you logged in
- WhatsApp message delivery logs (sent, failed, retry status)
How We Use Your Data
We use the information we collect strictly to operate and improve the AmrioxClinic platform. Specific purposes include:
- Booking management — creating, confirming, rescheduling, and cancelling appointments
- WhatsApp notifications — sending automated booking confirmations, reminders, follow-ups, and cancellation notices to patients
- Email notifications — sending booking alerts and account emails to clinic owners and staff
- Account management — onboarding clinics, managing staff access, and resetting credentials
- Subscription and billing — tracking plan usage, sending renewal reminders, and recording payments
- Platform security — detecting abuse, preventing unauthorised access, and maintaining audit logs
- Platform improvement — analysing aggregate usage patterns to improve features (no individual profiling)
We do not use your data for advertising or profiling, and we do not sell it to third parties.
WhatsApp Messaging
AmrioxClinic uses the WhatsApp Business API, provided by Meta Platforms, Inc., to deliver automated appointment messages to clinic patients.
- Messages are sent only to patients who have provided their phone number when booking an appointment with a clinic on our platform
- Message types include: booking confirmation, appointment reminder, appointment cancellation, rescheduling notice, and follow-up messages
- All message templates are pre-approved by Meta through the WhatsApp Business API programme
- Patients can opt out at any time by replying "STOP" to any message, or by contacting the clinic directly
- We do not use WhatsApp to send marketing, promotional, or unsolicited messages
- Phone numbers are used solely for appointment-related communication and are never shared with other clinics or third parties
WhatsApp messaging is governed by Meta's own privacy policy, which you can read at: whatsapp.com/legal/privacy-policy
By providing your phone number when booking an appointment, you consent to receiving WhatsApp messages related to that appointment. You may withdraw consent at any time as described above.
Data Sharing and Third Parties
We share personal data with third parties only as necessary to operate our service:
- Meta Platforms, Inc. (WhatsApp Business API) — patient phone numbers and message content are transmitted to Meta's servers for delivery of appointment notifications. Meta's use of this data is governed by their own privacy policy.
- Email service provider (SMTP relay) — clinic owner and staff email addresses are used to deliver transactional emails. Our SMTP provider processes these addresses only to route email delivery and does not retain or use them for any other purpose.
- Hosting provider — our application is hosted on servers managed by our infrastructure provider. Data is stored on servers located within our hosting provider's infrastructure.
We do not:
- Sell personal data to any third party
- Share data with advertising networks or data brokers
- Use patient data across different clinic accounts
- Transfer data for purposes other than those described in this policy
We may disclose personal data if required to do so by applicable law, court order, or legitimate government authority, and only to the extent legally required.
Data Retention
We retain personal data for as long as necessary to provide our services and meet legal obligations:
- Active clinic accounts — all clinic, staff, and patient data is retained for as long as the clinic's subscription remains active
- Cancelled or expired subscriptions — data is retained for 30 days after expiry to allow reactivation, then scheduled for purging
- Deleted clinic accounts — all associated data is permanently purged within 90 days of a deletion request
- Booking records — retained for 2 years from the date of appointment for operational and compliance purposes
- WhatsApp message logs — retained for 90 days for debugging and retry purposes, then deleted
- Server logs (IP addresses) — retained for 30 days in standard server logs, then automatically purged
To request early deletion of your data, please contact us using the details in Section 11.
Your Rights
You have the following rights regarding your personal data held by AmrioxClinic:
To exercise any of these rights, please contact us at:
We will respond to all data rights requests within 30 days.
Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction:
- Encrypted connections — all data transmitted between your browser and our servers is encrypted using HTTPS (TLS)
- Hashed passwords — passwords are never stored in plain text; we use strong one-way hashing algorithms (bcrypt)
- Role-based access control — clinic staff can only access data relevant to their role (owner, receptionist, doctor)
- Audit logging — all significant actions within a clinic account are logged with timestamps and user identity
- Session security — sessions expire after inactivity and are protected against common web vulnerabilities
No system is completely immune to security threats. If you believe your account or data has been compromised, please contact us immediately at support@amriox.com.
Cookies
AmrioxClinic uses a minimal number of cookies, strictly required to operate the platform:
- Session cookie — keeps you logged in during your browser session. Expires when you close your browser or log out
- CSRF token cookie — protects forms from cross-site request forgery attacks. Required for security
We do not use:
- Advertising or tracking cookies
- Third-party analytics cookies (e.g. Google Analytics)
- Persistent profiling cookies
Because we only use strictly necessary cookies, we do not require a cookie consent banner. You can disable cookies in your browser settings, but this will prevent you from logging in to the platform.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. The date at the top of this page shows when it was last revised.
For significant changes, we will notify clinic owners via email before the change takes effect. Your continued use of AmrioxClinic after a policy update constitutes acceptance of the revised policy.
We recommend reviewing this page periodically. Previous versions are available on request.
Contact Us About Privacy
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Or use our contact form and select "Privacy / Data Request" as the enquiry type. We will respond within 30 days.
This policy was last updated on 30 April 2026. Contact us with any questions.