Brainox Tech is the partner of choice for many of the world’s leading enterprises, SMEs and technology challengers. We help businesses elevate their value through custom software development, product design, QA and consultancy services.

Contacts

A-43, New Mansarovar Colony, Chittor Road
Bundi, Rajasthan, India - 323001

hello@brainoxtech.com

+917665427777

Effective Date: 18 Aug 2025
Last Updated: 18 Aug 2025

At Brainox Tech, we are committed to protecting the privacy and security of all users. Our Healthcare SaaS Platform (AI Appointment Booking, Rescheduling, and Reminder Agent) is designed with compliance in mind, particularly with the General Data Protection Regulation (GDPR) for EU clients and the Health Insurance Portability and Accountability Act (HIPAA) for U.S. healthcare providers.


1. GDPR Compliance (EU)

For clients in the European Union (EU), we comply with the GDPR requirements:

  • Lawful Basis for Processing: Patient data is processed only for legitimate healthcare scheduling purposes.

  • Data Minimization: We collect and process only the minimum information necessary (e.g., name, phone number, appointment details).

  • User Rights: Patients and clients may request access, correction, deletion, or export of their data at any time.

  • Data Transfers: All data is stored securely on AWS servers, which meet GDPR requirements for data protection and international transfer safeguards.

  • Data Protection Officer (DPO): GDPR-related inquiries may be directed to privacy@brainoxtech.com.


2. HIPAA Compliance (U.S.)

For clients in the United States, our SaaS is designed to support HIPAA compliance:

  • HIPAA-Eligible Infrastructure: We use Amazon Web Services (AWS) HIPAA-eligible services for hosting and storage.

  • End-to-End Encryption: All patient communications (via WhatsApp Cloud API) are encrypted in transit and at rest.

  • Administrative Safeguards: Access to healthcare-related data is restricted to authorized personnel only.

  • Limited Data Handling: Our platform is strictly an administrative tool for appointment scheduling and does not process electronic health records (EHRs) or sensitive clinical data.


3. Patient Privacy & Data Security

  • We do not use patient data for advertising or marketing.

  • Data is never sold, shared, or disclosed to unauthorized third parties.

  • Security measures include end-to-end encryption, role-based access controls, and continuous monitoring of AWS infrastructure.


4. Compliance Contact

For compliance-related inquiries:

📧 hello@brainoxtech.com


5. Updates to This Statement

We may update this GDPR & HIPAA Compliance Statement to reflect changes in laws, regulations, or our practices. Updates will be posted on this page with a revised “Last Updated” date.

India (Digital Personal Data Protection Act, 2023 – “DPDP Act”)

If you are located in India, your personal data is processed in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

Lawful Basis for Processing

We process your personal data on the following lawful bases under the DPDP Act:

  • Consent – where you have given clear and informed consent for processing (e.g., booking an appointment through WhatsApp).

  • Legitimate Use – where processing is necessary for providing healthcare appointment scheduling, reminders, and related SaaS services.

  • Legal Compliance – where required by Indian law or regulatory authorities.

Your Rights as a Data Principal

As per the DPDP Act, you have the following rights:

  1. Right to Access Information – You can request details of the personal data we process about you.

  2. Right to Correction – You may request correction or updating of your personal data.

  3. Right to Erasure – You can request deletion of your personal data when it is no longer required for the stated purposes.

  4. Right to Grievance Redressal – You may file a complaint regarding data processing with our appointed Grievance Officer.

  5. Right to Nominate – You may nominate another individual to exercise your rights in the event of your incapacity or death.

Grievance Officer (DPDP Act, India)

In compliance with the DPDP Act, we have appointed a Grievance Officer:

Name: Ravi Gautam
Email: hello@brainoxtech.com
Address: A-43, New Mansarovar Colony, Chittor Road, Bundi, Rajasthan 323001, India
Response Timeline: We will acknowledge your grievance within 7 business days and resolve it within 30 business days, as required under Indian law.
