Privacy Policy

Last updated: 12 June 2026

1. Who we are

DR. CRM (“the Service”, “we”, “us”) is a clinic management platform operated at drcrm.cloud, developed and maintained by Codohub. It is used by medical and dental clinics (“Clinics”) to manage their day-to-day operations.

2. Data we process

We process two categories of data:

  • Account data — name, email address, and encrypted password of clinic staff who create accounts on the Service.
  • Clinic data — patient records, appointments, clinical notes, prescriptions, billing records, and documents that Clinics enter into the Service. Each Clinic is the owner and controller of its own data; we process it solely to provide the Service to that Clinic.

3. How clinic data is protected

  • Every Clinic's data is isolated — staff of one clinic can never access another clinic's records.
  • All data is encrypted in transit (HTTPS/TLS) and stored in encrypted databases.
  • Passwords are stored only as one-way bcrypt hashes — we cannot read them.
  • Access requires authentication; role-based permissions limit what each staff member can do.

4. What we never do

  • We never sell, rent, or share patient data with third parties.
  • We never use patient data for advertising or model training.
  • We never contact a Clinic's patients except on the Clinic's explicit instruction (e.g. appointment reminders the Clinic configures).

5. Sub-processors

The Service runs on trusted infrastructure providers: Vercel (application hosting), Neon (database hosting), Resend (transactional email such as invites and password resets), and Meta's WhatsApp Business API (messages a Clinic chooses to send, using the Clinic's own WhatsApp Business account). Each provider processes data only as needed to deliver their function.

6. WhatsApp messages

Reminders and messages are sent only to patients who have opted in, from the Clinic's own WhatsApp Business number. Patients can opt out at any time by informing their clinic, which can disable messaging per patient.

7. Data retention & deletion

Clinic data is retained for as long as the Clinic maintains an active account. A Clinic may request complete deletion of its account and all associated data at any time, after which the data is permanently removed from our systems.

8. Cookies

We use only essential cookies — a session cookie that keeps you signed in. We do not use advertising or cross-site tracking cookies.

9. Changes & contact

We may update this policy as the Service evolves; material changes will be reflected by the date above. For privacy questions or data deletion requests, contact us via codohub.com.