Effective Date: 18 Aug 2025
Last Updated: 18 Aug 2025
At Brainox Tech, we are committed to protecting the privacy and security of all users. Our Healthcare SaaS Platform (AI Appointment Booking, Rescheduling, and Reminder Agent) is designed with compliance in mind, particularly with the General Data Protection Regulation (GDPR) for EU clients and the Health Insurance Portability and Accountability Act (HIPAA) for U.S. healthcare providers.
1. GDPR Compliance (EU)
For clients in the European Union (EU), we comply with the GDPR requirements:
Lawful Basis for Processing: Patient data is processed only for legitimate healthcare scheduling purposes.
Data Minimization: We collect and process only the minimum information necessary (e.g., name, phone number, appointment details).
User Rights: Patients and clients may request access, correction, deletion, or export of their data at any time.
Data Transfers: All data is stored securely on AWS servers, which meet GDPR requirements for data protection and international transfer safeguards.
Data Protection Officer (DPO): GDPR-related inquiries may be directed to privacy@brainoxtech.com.
2. HIPAA Compliance (U.S.)
For clients in the United States, our SaaS is designed to support HIPAA compliance:
HIPAA-Eligible Infrastructure: We use Amazon Web Services (AWS) HIPAA-eligible services for hosting and storage.
End-to-End Encryption: All patient communications (via WhatsApp Cloud API) are encrypted in transit and at rest.
Administrative Safeguards: Access to healthcare-related data is restricted to authorized personnel only.
Limited Data Handling: Our platform is strictly an administrative tool for appointment scheduling and does not process electronic health records (EHRs) or sensitive clinical data.
3. Patient Privacy & Data Security
We do not use patient data for advertising or marketing.
Data is never sold, shared, or disclosed to unauthorized third parties.
Security measures include end-to-end encryption, role-based access controls, and continuous monitoring of AWS infrastructure.
4. Compliance Contact
For compliance-related inquiries:
hello@brainoxtech.com
5. Updates to This Statement
We may update this GDPR & HIPAA Compliance Statement to reflect changes in laws, regulations, or our practices. Updates will be posted on this page with a revised “Last Updated” date.





