Privacy Policy

Last Updated: March 6, 2026

At LogHeal, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (used for login and communication)
  • Full name
  • Password (stored only as a bcrypt hash, never in plain text)
  • Phone number (optional)

1.2 Clinic and Patient Data

You provide and control all data entered into the Service, including:

  • Clinic information (name, address, contact details)
  • Patient records (name, date of birth, phone number, address, gender)
  • Appointment details (date, time, duration, notes, cost)
  • Medical history and observations (as entered by you)

Important: You are the data controller for all patient data. We are the data processor. You are responsible for obtaining proper consent from patients to store their information.

1.3 Payment Information

Payment processing is handled by Paddle, our secure payment processor. We do NOT store your credit card details or full payment information on our servers. We only receive:

  • Subscription status (active, cancelled, past_due)
  • Paddle customer ID and subscription ID
  • Plan type (Monthly or Yearly)
  • Transaction amounts (for billing history display)

1.4 Usage and Technical Data

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Device information
  • Login timestamps and activity logs
  • User preferences (language, timezone, theme, currency)

1.5 OAuth Authentication (Google Sign-In)

If you use Google Sign-In, we receive:

  • Your Google email address
  • Your name
  • Google account ID (used to link your account)

We do not access your Google Drive, Gmail, or other Google services.

1.6 Lawful Basis for Processing

We process your data under the following lawful bases as defined by GDPR:

  • Account and general data: Performance of a contract (Article 6(1)(b)) — necessary to provide the Service you subscribed to
  • Health and patient data (special category): Explicit consent of the data subject (Article 9(2)(a)) and/or processing necessary for the provision of healthcare management tools (Article 9(2)(h))
  • Security and fraud prevention: Legitimate interests (Article 6(1)(f)) — to protect the integrity and security of the Service
  • Legal obligations: Compliance with applicable law (Article 6(1)(c))

You may withdraw consent at any time by contacting support@logheal.pt or deleting your account.

2. How We Use Your Information

  • Provide and maintain the Service: Enable core features like patient management, appointments, and analytics
  • Process payments and manage subscriptions: Via Paddle payment processor
  • Authenticate and secure your account: JWT tokens, password reset, session management
  • Send important notifications: Password reset emails, account security alerts
  • Provide customer support: Respond to your inquiries via email
  • Improve and optimize the Service: Fix bugs, add features, analyze usage patterns
  • Prevent fraud and abuse: Rate limiting, security monitoring, suspicious activity detection

3. Data Storage and Security

3.1 Encryption

  • Sensitive patient health data (medical history, prescriptions, clinical observations) is encrypted at the field level using AES-256 encryption before being stored in the database. This means even in the event of a database breach, patient health data cannot be read without the encryption key.
  • All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS)
  • Passwords are hashed using bcrypt (salted, with a configurable work factor) and are never stored in plain text
  • The database is stored securely behind access controls

3.2 Access Controls

  • Only you can access your patient data (ownership verification on every request)
  • Our engineers cannot access your patient data without explicit authorization
  • Role-based access control for multi-user accounts (future feature)

3.3 Backups

  • Automated daily backups of all data
  • Backups stored in secure, redundant locations
  • Point-in-time recovery available

3.4 Security Measures

  • Rate limiting to prevent brute force attacks
  • XSS (Cross-Site Scripting) prevention
  • CSRF protection
  • Security headers (HSTS, CSP, X-Frame-Options)
  • Regular security audits and updates
  • IDOR (Insecure Direct Object Reference) protection

3.5 Data Protection Impact Assessment (DPIA)

Prior to processing special category health data, we conducted a Data Protection Impact Assessment (DPIA) as required under GDPR Article 35. The DPIA assessed the risks associated with processing patient health data and the technical and organisational measures implemented to mitigate those risks, including field-level encryption, access controls, and audit logging.

4. Data Sharing and Disclosure

4.1 We DO NOT sell your data

We never sell, rent, or trade your personal information or patient data to third parties for marketing purposes.

4.2 Third-Party Service Providers

We share limited data with trusted partners who help us operate the Service:

  • Paddle (Payment Processing): Processes subscription payments. See Paddle's Privacy Policy.
  • Cloud hosting provider: Stores encrypted data on secure servers
  • Email service (Resend): Sends transactional emails (password resets, security alerts)
  • Sentry (Error Monitoring): Receives anonymized error reports to improve service reliability. Enabled only with your consent. No patient data is included in error reports.
  • Cloudflare R2 (Document Storage): Stores encrypted clinical documents in EU-region buckets.

All third parties are contractually obligated to protect your data and use it only for the specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law, such as:

  • To comply with a subpoena, court order, or legal process
  • To protect the rights, property, or safety of LogHeal, our users, or the public
  • In connection with fraud prevention or security investigations

5. Your Rights and Choices

5.1 Access and Export

  • You can access all your data anytime through the application
  • You can export your account data in CSV format from Settings → Personal Info

5.2 Correction and Updates

  • You can edit your account information in Settings → Personal Info
  • You can update patient records and clinic information anytime

5.3 Deletion

  • Delete individual patient records: Available in the Patients section
  • Delete your entire account: Settings → Personal Info → Delete Account (requires password confirmation)
  • After account deletion, data is retained for a maximum of 30 days in encrypted backups for recovery purposes only, after which it is permanently and irreversibly deleted from all systems including backups. Health data subject to a GDPR erasure request will be prioritised and deleted within 72 hours of confirmation.

5.4 Preferences

You can control:

  • Language preference (English, Spanish, French, Portuguese)
  • Timezone
  • Theme (Light/Dark mode)
  • Currency display
  • Default appointment duration

5.5 Marketing Communications

Currently, we only send transactional emails (password resets, security alerts). We do not send marketing emails. If we add marketing communications in the future, you will be able to opt out.

6. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access: Request a copy of your data - Contact support@logheal.pt
  • Right to rectification: Correct inaccurate data - Edit directly in the app or contact support
  • Right to erasure: Request deletion of your data - Use in-app deletion or contact support
  • Right to data portability: Receive your data in a machine-readable format - Contact support@logheal.pt
  • Right to object: Object to data processing - Contact support@logheal.pt
  • Right to lodge a complaint: File complaint with your data protection authority

6.1 Data Protection Officer

We have assessed our data processing activities in accordance with GDPR Article 37. At our current scale, a formal DPO appointment is not mandatory. Privacy and data protection inquiries are handled directly by our founder and data protection lead at support@logheal.pt. We will appoint a formal DPO as our processing activities grow and when legally required.

7. Children's Privacy

Our Service is intended for healthcare professionals aged 18 and older. We do not knowingly collect personal information from children under 13. If you are under 18, please do not create an account.

Note: While you may store information about pediatric patients in the system, those patients are not users of the Service.

8. International Data Transfers

Your primary data (database, application hosting, document storage) is stored and processed in data centers located within the European Union. Our core infrastructure providers — Neon.tech (database), Render (application hosting), and Cloudflare R2 (document storage) — operate on EU-based servers (Frankfurt/Ireland regions).

Certain ancillary services may process limited, non-clinical data outside the EEA:

  • Sentry (Error Monitoring): Receives anonymized error data only when you have given analytics consent. No patient data or health information is transmitted to Sentry.
  • Paddle (Payment Processing): May process billing information through servers outside the EEA under Standard Contractual Clauses (SCCs).

Where data is transferred outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with each provider.

9. Data Retention

  • Active accounts: Data retained as long as your subscription is active
  • After subscription cancellation: Your account downgrades to the Free plan, and data remains available under Free tier limits
  • Backups: Backup copies may exist up to 30 days after permanent deletion
  • Legal requirements: Some data may be retained longer if required by law

10. Cookies and Tracking

We use only strictly necessary cookies required for the Service to function. We do not use advertising, tracking, or analytics cookies.

Cookies we use:

  • Authentication cookie: Stores your encrypted session token to keep you securely logged in. The HttpOnly and Secure flags are set. This cookie is strictly necessary and cannot be disabled without preventing login.
  • CSRF protection cookie: Prevents cross-site request forgery attacks. Strictly necessary for security.
  • Preference cookies: Remember your language, theme, and timezone settings. These improve your experience but can be cleared via your browser settings.

We do NOT use third-party cookies, advertising cookies, or any form of behavioural tracking.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification
  • In-app notification
  • Updated "Last Updated" date at the top of this policy

Continued use of the Service after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights:

Email: support@logheal.pt

Subject Line: "Privacy Inquiry" or "GDPR Request"

Response Time: We aim to respond within 48 hours for privacy requests.

By using LogHeal, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.