Privacy Policy

CliniKite is a clinic management platform developed, operated, and supported by HexaRadius Technologies (OPC) Private Limited (“HexaRadius”), a company registered in India under CIN U62020TN2025OPC186873. All references to “CliniKite” in this policy refer to the software platform; all references to the company behind the platform refer to HexaRadius.

The CliniKite platform provides appointment management, digital prescriptions, GST-compliant billing, and patient communication to clinics and independent medical practitioners across India.

Because CliniKite is designed so that every patient record is stored on infrastructure controlled by the clinic, the treating clinic is the data fiduciary (equivalent to the data controller) for the personal data of its patients.

HexaRadius acts as a data processor only in the narrow situations described in this policy — primarily, the delivery of WhatsApp messages initiated by the clinic, and processing of this website’s visitor data.

The personal data HexaRadius itself processes is intentionally minimal. We do not operate a shared database of patient records, nor do we replicate clinical data from clinic systems to our infrastructure.

HexaRadius does not process medical records, prescriptions, diagnoses, lab results, or any other clinical data through its infrastructure. This data remains on the clinic’s CliniKite installation at all times.

CliniKite is architected around data sovereignty for the clinic. Each clinic runs its own isolated instance with a dedicated database on infrastructure it controls — whether that is on-premise hardware at the clinic, a managed cloud instance operated on the clinic’s behalf, or an AWS account registered in the clinic’s name.

HexaRadius does not hold administrative access to clinic databases. There is no shared multi-tenant data store, no administrator credential that grants us access to patient records, and no data replication pipeline to our infrastructure. Each clinic holds all database credentials and encryption keys.

HexaRadius uses a small number of third-party service providers strictly for operational purposes. Each provider processes data under a written agreement and is bound by contractual confidentiality.

• Meta Platforms Ireland — delivery of WhatsApp Business messages initiated by the clinic. Processes patient name, mobile number, and appointment text only during transit.
• Amazon Web Services India — cloud hosting for the managed-cloud deployment option and the CliniKite control plane. All infrastructure is hosted in the Asia Pacific (Mumbai) region.
• Amazon Bedrock — AI inference used to power the optional AI Assistant add-on. Only de-identified text is sent to Bedrock; no patient identifiers are transmitted.

HexaRadius does not sell, licence, or otherwise disclose patient data to pharmaceutical companies, insurance providers, advertisers, data brokers, or any other third party not listed above.

When a clinic uses CliniKite’s WhatsApp integration to send appointment reminders or confirmations to its patients, the clinic is the data fiduciary for that communication. HexaRadius acts as the processor that dispatches the message via the WhatsApp Business Platform.

Patients may stop receiving WhatsApp messages from a clinic at any time by replying STOP to any message. On receipt of the opt-out:

• The clinic is immediately notified of the preference.
• No further WhatsApp messages are sent to the number by that clinic through CliniKite.
• The opt-out does not affect medical appointments or the patient’s relationship with their doctor.

This website uses the minimum cookies necessary for the site to function. We use a privacy-preserving analytics provider that does not fingerprint visitors and does not set tracking cookies. Aggregated, non-identifying statistics are used to understand which pages are reached and how the site performs.

We do not run advertising trackers, social-media pixels, or cross-site identification technologies on this website.

Under the Digital Personal Data Protection Act 2023 (the “DPDP Act”) and applicable Indian law, you have the right to:

• Access— confirm whether your personal data is being processed and obtain a summary.
• Correction— request correction of inaccurate or incomplete personal data.
• Erasure— request deletion of your personal data, subject to applicable legal retention requirements.
• Withdrawal of consent — withdraw consent for WhatsApp communications at any time by replying STOP or by contacting your clinic.
• Grievance redressal — raise a complaint regarding the processing of your personal data with the grievance officer identified in section 12.

For patient records stored in a clinic’s CliniKite installation, these rights are exercised through the treating clinic as the data fiduciary. For data processed by HexaRadius directly, contact the privacy team at [email protected]. We will respond within thirty days.

HexaRadius follows industry-standard practices for the limited data it processes. All data in transit is encrypted using TLS 1.2 or higher. Infrastructure access is restricted to authorised personnel and protected by multi-factor authentication.

Clinic installations use full-disk encryption on on-premise deployments and server-side encryption on managed-cloud deployments. Backup archives are encrypted with keys held exclusively by the clinic.

HexaRadius retains only the data strictly necessary for the purposes described in section 3, and for the periods stated there. Personal data processed for WhatsApp dispatch is not retained after successful delivery. Clinic-level billing data is retained for seven years as required by Indian tax law.

This policy may be revised to reflect changes in our practices, in applicable law, or in the CliniKite product. Material changes will be reflected on this page with an updated effective date, and — where appropriate — communicated to clinics by email.

For privacy-related enquiries, requests, or complaints, please contact:

This policy is governed by the laws of India and any disputes are subject to the exclusive jurisdiction of courts in Chennai, Tamil Nadu, India.