Privacy Policy

Last updated: April 2025 · Effective immediately

Your privacy and the privacy of your patients matter to us. This policy explains how DermaLynk handles data across our platform.

1. Introduction

DermaLynk ("we", "our", or "us") is committed to protecting the privacy of clinic owners, staff, and the patient data entrusted to our platform. This Privacy Policy explains how we collect, use, store, and protect information when you use the DermaLynk clinic management platform.

2. Information We Collect

We collect information you provide directly — including clinic details, staff profiles, and account credentials. Patient data (names, contact information, medical history, treatment records) is entered by your clinic staff and stored on our servers. We also collect usage data such as login times, feature usage, and device/browser information to improve the platform.

3. How We Use Your Information

We use collected information to provide and operate the platform, to process payments and manage subscriptions, to send account-related communications (invoices, renewal reminders, critical updates), to improve platform features based on aggregated usage patterns, and to comply with applicable legal obligations. We do not sell your data or patient data to third parties.

4. Patient Data & Your Role as Data Controller

Your clinic is the data controller for all patient information stored in DermaLynk. You are responsible for obtaining patient consent for digital record-keeping as required by the Digital Personal Data Protection Act, 2023 (DPDPA) and any other applicable law. DermaLynk acts solely as a data processor — we process patient data only on your instructions and do not use it for our own purposes.

5. Data Storage & Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We implement role-based access controls to limit staff access to only the records relevant to their role. Our infrastructure is hosted on secure cloud servers with regular security audits. We maintain audit logs of data access and modifications.

6. Data Retention

We retain account and clinic data for the duration of your active subscription plus 90 days after termination, during which you may export your data. Patient records are retained in accordance with applicable medical record-keeping regulations or as configured by your clinic. After the retention period, data is securely deleted from our servers.

7. Sharing with Third Parties

We do not share your data or patient data with third parties except: (a) with trusted service providers who assist in operating our platform (hosting, payments, email delivery) under strict confidentiality agreements; (b) when required by law, court order, or regulatory authority; (c) in connection with a business transfer (merger or acquisition), with prior notice to you.

8. Cookies & Tracking

We use essential cookies to maintain your login session and platform preferences. We may use analytics cookies to understand platform usage in aggregate. You can disable non-essential cookies in your browser, though this may affect platform functionality. We do not use advertising or cross-site tracking cookies.

9. Your Rights

Under applicable privacy law (including the DPDPA 2023), you have the right to access, correct, or request deletion of your personal data. To exercise these rights, contact us at legal@dermalynk.com. For patient data, requests must come through the clinic that is the data controller for that patient.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before the changes take effect. Continued use of the platform after changes constitutes your acceptance of the updated policy.

11. Contact Us

For privacy-related questions, data requests, or to report a concern, please contact our Privacy team at legal@dermalynk.com or through our Support page. We aim to respond to all privacy inquiries within 10 business days.