
Effective Date: 18 Dec 2024
Last Updated: 19 Aug 2025

At Brainox Tech, we are committed to safeguarding the confidentiality, integrity, and availability of all data entrusted to us. This Data Protection & Security Policy explains how we secure sensitive data—particularly healthcare-related data—and ensure compliance with international standards.


1. Scope

This policy applies to all services provided by Brainox Tech, including:

  • Agency Services → Meta Ads management and reporting.
  • Healthcare SaaS Platform → AI Appointment Booking, Rescheduling, and Reminder Agent integrated with WhatsApp Cloud API.


2. Data Protection Principles

We adhere to globally recognized data protection frameworks such as GDPR (EU), HIPAA (U.S., where applicable), and other relevant regulations. Our practices are guided by:

  • Lawfulness, Fairness, and Transparency → Data is collected and processed lawfully and transparently.
  • Data Minimization → We collect only the data necessary to provide our services.
  • Purpose Limitation → Data is used strictly for agreed purposes (e.g., ads management or appointment scheduling).
  • Integrity & Confidentiality → Data is protected with strong encryption and security controls.


3. Security Measures

a) Encryption

  • All sensitive communications are encrypted in transit (TLS/SSL).
  • Patient messages via WhatsApp Cloud API are secured with end-to-end encryption.
  • Stored healthcare and client data are encrypted at rest using industry-standard AES-256 encryption.

b) Hosting & Infrastructure Security

  • Our Healthcare SaaS is hosted on Amazon Web Services (AWS) with enterprise-grade security.
  • AWS infrastructure holds international certifications such as ISO 27001 and SOC 2, and offers HIPAA-eligible services.
  • Data is stored in secure regions, with backups and redundancy to prevent data loss.

c) Access Control

  • Strict role-based access ensures only authorized personnel and hospital/clinic staff can access relevant data.
  • Multi-factor authentication (MFA) is enforced for administrative accounts.
  • Regular audits are performed to monitor and review access logs.

d) Data Isolation

  • Healthcare SaaS patient data is stored separately from Agency advertising data.
  • Each hospital/clinic’s data is logically separated to ensure confidentiality and prevent cross-access.

e) Monitoring & Incident Response

  • Continuous monitoring of servers and APIs for suspicious activity.
  • Incident response plan in place for any security breaches, with immediate notification to affected clients.


4. Compliance with Healthcare Data Regulations

  • While Brainox Tech does not provide medical advice, we recognize the sensitivity of healthcare-related data.
  • For clients in the United States, we align our SaaS platform with HIPAA requirements (using HIPAA-eligible AWS services, encryption, and access controls).
  • For clients in the European Union, we comply with GDPR, including user rights for access, correction, and deletion of personal data.


5. Data Retention & Deletion

  • Agency Data (Meta Ads): Retained only for the duration of active services and required reporting.
  • Healthcare SaaS Data (Patient Info): Retained for the duration of the hospital/clinic’s subscription. Data can be deleted upon request.
  • Deletion requests can be submitted via privacy@brainoxtech.com and are processed within [30] days.


6. Responsibilities of Clients & Users

  • Hospitals and clinics using our SaaS must ensure their staff follow proper data handling protocols.
  • Clients are responsible for configuring their accounts securely and ensuring only authorized personnel have access.


7. Updates to this Policy

We may update this Data Protection & Security Policy as our services evolve or as laws/regulations require. Updates will be posted on this page with a revised “Last Updated” date.


8. Contact Us

For questions or concerns regarding this policy, please contact:

Brainox Tech – Data Protection Office
Email: legal@brainoxtech.com
Website: www.brainoxtech.com
