Privacy Policy

1. Who We Are

Medikanic ("we", "us", "our") is a patient intake automation platform for medical tourism clinics. We operate under the domain medikanic.com and provide AI-powered WhatsApp automation services to clinics and their patients.

For privacy-related inquiries, contact us at: [email protected]

2. What Data We Collect

We collect data solely to facilitate the medical intake process on behalf of clinics using our platform. This includes:

Patient data (collected via WhatsApp)

• Name and contact information (phone number)
• Medical photos submitted during the intake flow
• Treatment interests and consultation preferences
• Language preference and country of origin
• Conversation history within the intake bot

Clinic data

• Business contact information
• CRM records and lead data
• Configuration and workflow settings

3. How We Use Your Data

Data collected through our platform is used exclusively for:

• Qualifying and routing patient leads to the appropriate clinic
• Storing patient intake information in the clinic's CRM
• Enabling clinic staff to follow up with prospective patients
• Improving the reliability and accuracy of our automation flows

We do not sell, rent, or share patient data with third parties outside of the clinic the patient is communicating with.

4. WhatsApp & Meta Platform

Our service operates via the WhatsApp Business API, provided by Meta Platforms, Inc. All conversations initiated through our bot are governed by both this policy and WhatsApp's Privacy Policy.

All messages sent through our system are user-initiated — meaning patients contact the clinic first. We do not send unsolicited messages.

Message content and media (including photos) are transmitted via Meta's infrastructure and stored securely on our servers hosted within the European Union (Hetzner Cloud).

5. Data Storage & Security

All patient data is stored on private, self-hosted infrastructure located in the EU. We implement the following security measures:

• Encrypted data transmission (TLS/HTTPS on all endpoints)
• Isolated database instances per service
• Access-controlled media storage (MinIO/S3-compatible)
• No data stored on third-party SaaS platforms

Patient photos submitted during intake are stored in encrypted object storage and are accessible only to the clinic they were submitted to.

6. Data Retention

Patient intake data is retained for as long as the clinic maintains an active account with Medikanic, or as required by applicable law. Upon clinic account termination, data is deleted within 30 days unless a longer retention period is legally required.

Patients may request deletion of their data at any time by contacting the clinic directly or reaching us at [email protected].

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

Our main website (medikanic.com) uses Google Analytics to understand visitor behaviour — including pages visited, time on site, and traffic sources. Google Analytics uses cookies for this purpose. No personally identifiable information is shared with Google. You can opt out via Google's opt-out tool. We do not use Meta Pixel or any advertising tracking scripts.

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of our services after changes constitutes acceptance of the revised policy.

10. User Data Deletion

To request deletion of any personal data collected through our platform, please send an email to [email protected] with the subject line "Data Deletion Request" and include the phone number used to interact with our system. We will process your request within 30 days and