GRAI ClinicOS privacy notice

Privacy and patient data notice

GRAI ClinicOS helps clinics manage appointments, queue flow, visit notes, prescriptions, billing status, and patient communication. This notice explains the practical data handling rules for patients, doctors, and clinic staff.

What data may be collected

Patient name, phone number, age or date of birth, gender, family member details, appointment and queue details, reason for visit, diagnosis, prescription, follow-up date, payment status, and WhatsApp communication details related to clinic service.

Why it is collected

The clinic uses this information to book appointments, manage walk-ins, preserve visit history, prepare prescriptions, send clinic-related WhatsApp updates, and support follow-up care.

Who can access it

Authorized clinic users can access only their clinic's data. Doctor Admins and Doctors can access clinical visit records. Receptionists can manage front-desk queue activity but are restricted from clinical visit notes and prescriptions. GRAI ClinicOS may access limited data only when needed for support, maintenance, security, or legal obligations.

WhatsApp and communication

If a patient or authorized family contact provides a phone number, the clinic may use WhatsApp or phone communication for booking, queue updates, visit summaries, prescription links, follow-up reminders, and clinic service messages. Patients can ask the clinic to stop non-essential communication.

Doctor demo and onboarding leads

When a doctor submits a GRAI ClinicOS demo or registration interest form, we may collect doctor name, clinic name, email, phone number, WhatsApp number, city, state, specialty, medical registration number, and notes if provided. GRAI ClinicOS uses this to contact the doctor about the GRAI ClinicOS demo, onboarding, setup, free trial, and product follow-up. Doctors can opt out anytime by replying STOP on WhatsApp or emailing contact@globalreach-ai.com.

Prescription and medical documents

Prescription PDFs and visit links are protected with controlled access such as signed or short-lived links where possible. Patients should not forward medical links unless they intend to share those details.

Data retention

Patient records are retained for 7 years from the date of last activity, in line with standard Indian medical records practice. After 7 years, records are permanently deleted. If a clinic closes its GRAI ClinicOS account, clinic data is retained for 90 days so the doctor can export it, then permanently deleted.

Correction, export, and deletion requests

Patients may ask the clinic to correct inaccurate details or provide a copy of their visit information where practical. Doctors and clinic owners can request a full data export by emailing contact@globalreach-ai.com. If a patient requests deletion of their records, the clinic or patient can contact contact@globalreach-ai.com with the patient's phone number. Requests are actioned within 30 days. Note that medical records required by law cannot always be hard-deleted immediately but can be restricted from active use.

Data location and safeguards

GRAI ClinicOS uses Supabase, role-based access, row-level security, private storage for medical files, and server-side functions for sensitive operations. All data is transmitted over HTTPS. Prescription PDFs are accessible only through signed, time-limited links. Current data is hosted in Singapore (ap-southeast-1). GRAI ClinicOS is migrating to an India (Mumbai) region setup for production clinics.

Contact

For privacy, data correction, export, or deletion requests, contact contact@globalreach-ai.com. For questions specific to your clinic visit records, contact your clinic directly.

This page is a practical product notice and not legal advice. Clinics remain responsible for complying with laws that apply to their medical practice.

See also: Terms of Service and Data Processing Agreement