Last Updated: January 23, 2026
MediFlow ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of medical and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical software products and services. This policy complies with applicable privacy laws in Bangladesh, including the Digital Security Act, 2018, and healthcare data protection requirements.
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide to us, including:
- Account Information: Name, email address, phone number, organization name, job title, and other contact details
- Medical and Patient Data: Patient records, medical histories, diagnoses, treatment information, prescriptions, and other health-related data that you input into our systems
- Billing Information: Payment card details, billing address, and transaction history
- Support Information: Information you provide when requesting support, including technical details and problem descriptions
- Communication Data: Correspondence, feedback, and other communications you send to us
1.2 Automatically Collected Information
When you use our Services, we automatically collect certain information, including:
- Usage Data: How you interact with our Services, features used, time spent, and access patterns
- Device Information: IP address, browser type, operating system, device identifiers, and hardware information
- Log Data: Server logs, error reports, and system performance data
- Location Data: General geographic location based on IP address (not precise location)
1.3 Information from Third Parties
We may receive information about you from third-party sources, such as:
- Healthcare providers or facilities that use our Services
- Payment processors and financial institutions
- Service providers and business partners
- Public databases and government records (where legally permitted)
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our medical software services
- Patient Care: To enable healthcare providers to deliver medical services, manage patient records, and coordinate care
- Account Management: To create and manage your account, process transactions, and provide customer support
- Communication: To respond to your inquiries, send important service updates, and provide technical support
- Security: To detect, prevent, and address security threats, fraud, and unauthorized access
- Compliance: To comply with legal obligations, healthcare regulations, and industry standards
- Analytics: To analyze usage patterns, improve our Services, and develop new features (using aggregated, anonymized data)
- Legal Requirements: To respond to legal requests, enforce our agreements, and protect our rights
3. Medical and Patient Data
We understand the sensitive nature of medical and patient information. Our handling of such data is governed by strict protocols:
- Healthcare Provider Responsibility: Healthcare providers using our Services are responsible for obtaining all necessary patient consents and authorizations before inputting patient data
- Limited Access: We access patient data only as necessary to provide, maintain, and support our Services, or as required by law
- No Unauthorized Use: We do not use patient data for marketing, advertising, or any purpose other than providing our Services
- Data Minimization: We collect and process only the minimum amount of data necessary for our Services
- Professional Standards: We adhere to healthcare industry standards and best practices for medical data handling
4. Information Sharing and Disclosure
We do not sell your personal information or patient data. We may share information only in the following circumstances:
4.1 With Your Consent
We may share information when you have given us explicit consent to do so.
4.2 Service Providers
We may share information with trusted third-party service providers who assist us in operating our Services, such as:
- Cloud hosting and infrastructure providers
- Payment processors
- Technical support and maintenance providers
- Data analytics and security service providers
All service providers are contractually obligated to protect your information and use it only for specified purposes.
4.3 Legal Requirements
We may disclose information if required by law, court order, or government regulation, including:
- Compliance with the Digital Security Act, 2018, and other Bangladesh laws
- Response to valid legal requests from law enforcement or regulatory authorities
- Protection of rights, property, or safety of MediFlow, our users, or others
- Enforcement of our Terms of Service or other agreements
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
4.5 Healthcare Coordination
With proper authorization, we may facilitate the sharing of patient information between authorized healthcare providers for treatment purposes, as permitted by law and patient consent.
5. Data Security
We implement comprehensive security measures to protect your information:
- Encryption: Data is encrypted in transit (using TLS/SSL) and at rest (using industry-standard encryption algorithms)
- Access Controls: Strict access controls and authentication mechanisms to ensure only authorized personnel can access data
- Regular Audits: Regular security audits, vulnerability assessments, and penetration testing
- Employee Training: All employees receive training on data protection and privacy
- Incident Response: Established procedures for detecting, responding to, and mitigating security incidents
- Backup and Recovery: Regular backups and disaster recovery procedures to ensure data availability
- Compliance: Adherence to healthcare industry security standards and best practices
Important: While we implement robust security measures, no system is completely secure. You should also take appropriate measures to protect your account credentials and data on your end.
6. Data Retention
We retain your information for as long as necessary to:
- Provide our Services to you
- Comply with legal obligations and healthcare record retention requirements
- Resolve disputes and enforce our agreements
- Maintain security and prevent fraud
Medical and patient records are retained in accordance with applicable healthcare regulations in Bangladesh, which typically require retention for extended periods (often 7-10 years or longer).
When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable laws.
7. Your Rights and Choices
Subject to applicable laws and our legal obligations, you have the following rights regarding your information:
- Access: Request access to the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your information, subject to legal and contractual obligations
- Objection: Object to certain processing activities, where legally permitted
- Data Portability: Request a copy of your data in a structured, machine-readable format
- Withdraw Consent: Withdraw consent for processing where consent is the legal basis
- Account Management: Update your account information and preferences through your account settings
Note: For patient data, healthcare providers are responsible for managing patient rights and requests in accordance with applicable healthcare privacy laws.
To exercise these rights, please contact us using the information provided in the "Contact Us" section below.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Remember your preferences and settings
- Analyze how you use our Services
- Improve security and prevent fraud
- Provide personalized experiences
You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Services.
9. Children's Privacy
Our Services are designed for use by healthcare professionals and organizations, not by children. We do not knowingly collect personal information from children under the age of 18. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete such information.
Patient data may include information about minors, but such data is collected and processed by authorized healthcare providers in accordance with applicable laws and with proper parental or guardian consent where required.
10. International Data Transfers
Your information may be stored and processed on servers located in Bangladesh or other countries. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.
11. Compliance with Bangladesh Laws
We comply with applicable privacy and data protection laws in Bangladesh, including:
- The Digital Security Act, 2018
- Healthcare facility and medical practice regulations
- Data protection and privacy requirements
- Medical record keeping and retention requirements
We also adhere to international best practices for healthcare data protection, including principles similar to those found in HIPAA (where applicable) and other recognized healthcare privacy frameworks.
12. Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated Privacy Policy on our website
- Sending an email notification to your registered email address
- Displaying a notice within our Services
The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of our Services after such changes constitutes your acceptance of the updated Privacy Policy.
14. Data Breach Notification
In the event of a data breach that may affect your personal information or patient data, we will:
- Investigate the breach immediately
- Take appropriate remedial measures
- Notify affected users and relevant authorities as required by law
- Provide information about the nature of the breach and steps being taken
We will comply with all applicable breach notification requirements under Bangladesh law, including the Digital Security Act, 2018.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@mediflow.com
- Data Protection Officer: dpo@mediflow.com
- Website: Contact Us
- Address: [Your Company Address], Bangladesh
We will respond to your inquiries within a reasonable timeframe and in accordance with applicable laws.
16. Consent
By using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Services.
For healthcare providers, by using our Services, you represent that you have obtained all necessary consents and authorizations from patients for the collection, storage, and processing of their medical information through our Services.
Your privacy is important to us. We are committed to protecting your information and maintaining your trust.