GRAI ClinicOS privacy notice
Privacy and patient data notice
GRAI ClinicOS helps clinics manage appointments, queue flow, visit notes, prescriptions, billing status, and patient communication. This notice explains the practical data handling rules for patients, doctors, and clinic staff.
What data may be collected
Patient name, phone number, age or date of birth, gender, family member details, appointment and queue details, reason for visit, diagnosis, prescription, follow-up date, payment status, and WhatsApp communication details related to clinic service.
Why it is collected
The clinic uses this information to book appointments, manage walk-ins, preserve visit history, prepare prescriptions, send clinic-related WhatsApp updates, and support follow-up care.
Who can access it
Authorized clinic users can access only their clinic's data. Doctor Admins and Doctors can access clinical visit records. Receptionists can manage front-desk queue activity but are restricted from clinical visit notes and prescriptions. GRAI ClinicOS may access limited data only when needed for support, maintenance, security, or legal obligations.
WhatsApp and communication
If a patient or authorized family contact provides a phone number, the clinic may use WhatsApp or phone communication for booking, queue updates, visit summaries, prescription links, follow-up reminders, and clinic service messages. Patients can ask the clinic to stop non-essential communication.
Doctor demo and onboarding leads
When a doctor submits a GRAI ClinicOS demo or registration interest form, we may collect doctor name, clinic name, email, phone number, WhatsApp number, city, state, specialty, medical registration number, and notes if provided. GRAI ClinicOS uses this to contact the doctor about the GRAI ClinicOS demo, onboarding, setup, free trial, and product follow-up. Doctors can opt out anytime by replying STOP on WhatsApp or emailing contact@globalreach-ai.com.
Prescription and medical documents
Prescription PDFs and visit links are protected with controlled access such as signed or short-lived links where possible. Patients should not forward medical links unless they intend to share those details.
Data retention
Patient records are retained for 7 years from the date of last activity, in line with standard Indian medical records practice. After 7 years, records are permanently deleted. If a clinic closes its GRAI ClinicOS account, clinic data is retained for 90 days so the doctor can export it, then permanently deleted.
Correction, export, and deletion requests
Patients may ask the clinic to correct inaccurate details or provide a copy of their visit information where practical. Doctors and clinic owners can request a full data export by emailing contact@globalreach-ai.com. If a patient requests deletion of their records, the clinic or patient can contact contact@globalreach-ai.com with the patient's phone number. Requests are actioned within 30 days. Note that medical records required by law cannot always be hard-deleted immediately but can be restricted from active use.
Data location and safeguards
GRAI ClinicOS uses Supabase, role-based access, row-level security, private storage for medical files, and server-side functions for sensitive operations. All data is transmitted over HTTPS. Prescription PDFs are accessible only through signed, time-limited links. Current data is hosted in Singapore (ap-southeast-1). GRAI ClinicOS is migrating to an India (Mumbai) region setup for production clinics.
Contact
For privacy, data correction, export, or deletion requests, contact contact@globalreach-ai.com. For questions specific to your clinic visit records, contact your clinic directly.
This page is a practical product notice and not legal advice. Clinics remain responsible for complying with laws that apply to their medical practice.