Privacy Policy

1. Data Commitment

At Namma Clinic, we understand that patient records and clinical information are highly sensitive. We are committed to protecting the privacy, confidentiality, and integrity of your clinic's database. This Privacy Policy details the exact types of information we process, how we secure it, and your rights as a workspace administrator.

2. Types of Information Processed

We act strictly under the instruction of subscribing healthcare providers to process the following data blocks:

• Administrator Information: Clinic profiles, employee credentials, billing metadata, and business email channels.
• Encrypted Clinical Records: Patient demographic histories, medical diagnostics, prescriptions, check in timelines, and billing invoices.
• Technical logs: Anonymized loading latencies, browser configurations, and SvelteKit platform diagnostics used strictly to maintain uptime.

3. Data Protection and Encryption Standards

Patient information and clinical metadata are stored inside heavily guarded database clusters. We enforce standard military grade security parameters:

• AES 256 bit Encryptions: All patient files, prescriptions, and demographic histories are encrypted at rest using industry-standard keys.
• TLS 1.3 Transit Encryptions: Data moving between Svelte client side workspaces and our cloud backends is fully encrypted, preventing third party snooping.
• Daily Encrypted Backups: Secure daily redundancy copies are automatically executed, ensuring database recoveries are available at any moment.

4. No Sharing or Monetization Policy

OUR CORE PROMISE: Namma Clinic never sells, leases, rents, or shares clinical patient data with advertising networks, third party brokers, or unauthorized entities. Data is only processed to provide administrative services.

Integrated micro services (such as SMS appointment alert systems or billing payment gateways) are bound under strict HIPAA Business Associate Agreements (BAAs), keeping all data paths locked and legally compliant.

5. HIPAA Compliance Parameters

Our databases strictly adhere to the Health Insurance Portability and Accountability Act (HIPAA) Security Rules. We implement precise audit logging, automated inactivity timeouts, strict employee access credentials, and robust disaster recovery protocols to protect Protected Health Information (PHI).

6. Data Retention and Deletion

Clinical databases are retained only for the active lifecycle of your workspace subscription. Upon subscription termination or client request, all hosted databases, active indexes, and redundancy backups will be permanently purged from our servers within 90 days.

7. Contact Privacy Office

If you have questions regarding our security protocols, regulatory compliance certifications (HIPAA), or wish to audit your clinical workspace logs, please contact our data safety team at nammahealthclinic@gmail.com.