ChamberBD

Privacy Policy

Last updated: April 17, 2026

1. Introduction

ChamberBD ("we", "our", "us") is a clinic management and telemedicine platform operated in Bangladesh. We are committed to protecting the privacy and security of your personal information, including sensitive medical data. This Privacy Policy explains how we collect, use, store, and share information when you use our platform.

We process personal and health-related data in line with applicable Bangladeshi laws, including the Bangladesh Digital Security Act, 2018, the draft Bangladesh Data Protection Act (Personal Data Protection Ordinance), and relevant Directorate General of Health Services (DGHS) guidance for patient information. Where users access the service from outside Bangladesh, we apply GDPR/UK-GDPR principles on a best-effort basis.

2. Information We Collect

2.1 Doctor/Practitioner Information

  • Full name, email, phone number
  • Medical qualifications, degrees, specializations
  • Chamber/clinic addresses and schedules
  • Profile photo and digital signature
  • Payment and billing information

2.2 Patient Information

  • Full name (English and Bengali), phone, email
  • Date of birth, gender, blood group
  • Address and district
  • Medical history, prescriptions, diagnoses, vitals
  • Appointment and payment records
  • Uploaded documents and medical files

2.3 Automatically Collected Information

  • IP address and device information
  • Browser type and operating system
  • Usage patterns and access logs
  • Cookies for session management

3. How We Use Your Information

  • Service Delivery: To provide clinic management, appointment scheduling, prescription creation, and billing services
  • Communication: To send appointment reminders, verification codes, and service notifications
  • Improvement: To analyze usage patterns and improve platform features
  • Security: To detect fraud, prevent abuse, and protect user accounts
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Storage & Security

  • All data is stored on secure servers with encryption at rest and in transit (TLS/SSL)
  • Passwords are hashed using industry-standard algorithms (bcrypt)
  • Medical data is isolated per tenant (doctor) with strict access controls
  • Database backups are encrypted and stored securely
  • We implement rate limiting, audit logging, and session management to prevent unauthorized access
  • Staff access is controlled through granular, chamber-level permissions

5. Data Sharing

We do not sell, rent, or trade personal or medical data. We may share data only in these cases:

  • With the Doctor: Patients' medical records are accessible only to their treating doctor and authorized staff
  • Public Prescriptions: When a doctor shares a prescription via a public link, only the specific prescription data is visible
  • Public Doctor Profiles: Doctor name, qualifications, specialties, and chamber details are publicly visible in the doctor directory
  • Legal Requirements: If required by law, court order, or government authority
  • Service Providers: Trusted third-party services (email, SMS) that process data on our behalf under strict confidentiality

6. Multi-Tenant Data Isolation

ChamberBD uses a multi-tenant architecture where each doctor's data is completely isolated. No doctor can access another doctor's patient records, appointments, or financial data. This isolation is enforced at the database level through tenant-specific queries and middleware guards.

7. Cookies, Analytics & Marketing Pixels

We use essential cookies for authentication and session management (always on). With your consent we also load:

  • Google Analytics 4 — aggregated, anonymized site-usage analytics (IP anonymization enabled).
  • Meta (Facebook) Pixel & Conversions API — attribution for advertising campaigns that help us reach more doctors.
  • Microsoft Clarity — heatmaps and session replays to debug usability issues (no dashboard or medical data is captured).

Marketing pixels only fire after you click "Accept" on the cookie banner. You can revoke consent at any time by clearing cbd_consent from your browser storage or by emailing [email protected]. Medical records are never shared with marketing tools.

8. Your Rights (Data Subject Access Requests)

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion / "Right to be forgotten": Request deletion of your account and associated data
  • Export / Portability: Download your data in CSV format from the dashboard
  • Restriction & objection: Limit how we process your data, including opting out of marketing analytics
  • Withdraw consent: Any consent given for analytics/marketing can be withdrawn at any time

To exercise these rights, email [email protected] or [email protected] with the subject line "DSAR — your-request-type". We respond within 30 days as required by local guidance.

Delete my data: Doctors can self-delete from Settings → Account → Delete Account. Patients should ask their treating doctor to remove or anonymize their record, or email [email protected] with the associated phone number for verification.

9. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Personal data is permanently deleted within 30 days
  • Medical records may be retained for up to 5 years as required by healthcare regulations
  • Financial records are retained as required by tax laws
  • Anonymized analytics data may be retained indefinitely

10. Children's Privacy

Our platform is designed for licensed medical practitioners. We do not knowingly collect personal information from children under 18 without parental consent. Patient records for minors are managed by the treating physician.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email or in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Public Prescription Links & Patient PHI

Doctors may generate a public prescription link using a random, unguessable UID to share a single prescription with the patient (for example via WhatsApp). The link only exposes the contents of that single prescription — it does not expose the patient's full record, phone number, or other visits. Doctors can revoke a shared prescription at any time from the dashboard. Search engines are instructed via robots.txt to avoid indexing these links, though we recommend sharing only via trusted channels.

13. Grievance & Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact our Data Protection point of contact:

ChamberBD — Data Protection

Privacy / DSAR: [email protected]

General support: [email protected]

Phone / WhatsApp: +880 1736-937161

Address: House 10, Road 5, Dhanmondi, Dhaka 1205, Bangladesh