MyClinicSystem

Privacy Policy

How MyClinic collects, uses, shares, and protects information about visitors, customers, and the patients they care for.

Effective 9 May 2026

This Privacy Policy explains how MyClinic (“MyClinic,” “we,” “us,” or “our”) handles personal information when you visit our marketing website, request a demo, sign up, log in, or use our clinic management software (the “Service”). It applies to information about visitors, leads, customers, the staff our customers invite into the Service, and the patients those customers care for.

1. Two roles: controller and processor

We act in two different roles, and the rules are different in each.

  • We are the controller for information we collect directly: visitors to our website, prospects who contact us, leads generated by our advertising, account owners, and the people we hire and work with.
  • We are a processor for the patient and clinical data our customers store inside the Service. Customers (clinics, doctors, and their staff) decide what to collect, why, and for how long; we host and process it on their instructions and under contract.

2. What we collect

2.1 Information you give us

  • Contact details — name, email, phone, WhatsApp number, clinic name, country, and the message you send us when you request a demo or contact support.
  • Account details — login email, password (stored as a one-way hash), role, and the workspace you create.
  • Billing details — name, billing address, tax ID, and the last four digits and expiry of payment cards. Card numbers themselves are handled by our payment processors and never stored on our servers.
  • Customer Data — anything our customers and their staff enter into the Service: patient demographics, medical history, prescriptions, attachments, schedules, internal notes, lead pipelines, and so on.

2.2 Information collected automatically

  • Device and log data — IP address, browser, operating system, language, referring page, pages visited, timestamps, and crash diagnostics.
  • Cookies and similar technologies — small files used to keep you signed in, remember preferences, measure traffic, and (with your consent) deliver and measure advertising. See “Cookies and tracking” below.
  • Product analytics — feature usage, button clicks, error events, and performance metrics, used to fix bugs and improve the Service.

2.3 Information from third parties

  • Advertising platforms (Meta/Facebook, Google Ads, LinkedIn) — campaign performance, click identifiers, and conversion events that you trigger on our site.
  • Payment processors — confirmation that a payment succeeded, plus the card metadata above.
  • Communication providers — delivery and engagement reports for messages you send through our integrations (email, SMS, WhatsApp).

3. How we use information

  • To create and operate your account and provide the Service.
  • To process payments, issue invoices, and prevent fraud.
  • To respond to enquiries, demo requests, and support tickets.
  • To send service notices, security alerts, and changes to these policies (you cannot opt out of these while you are a customer).
  • To send marketing communications about features, offers, and events — only where permitted by law and where you have not opted out.
  • To run, measure, and optimise our advertising on platforms like Meta, Google, and LinkedIn (see “Advertising”).
  • To improve performance, debug issues, and develop new features.
  • To comply with legal obligations and enforce our Terms of Service.

4. Legal bases (where required)

Where data protection law requires a legal basis, we rely on:

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — running, securing, and improving our business, including limited marketing to existing customers and fraud prevention.
  • Consent — for marketing emails to prospects, advertising and analytics cookies, and any sensitive data we collect directly. You can withdraw consent at any time.
  • Legal obligation — bookkeeping, tax, and responding to lawful requests.

5. Cookies and tracking

We use cookies and similar technologies that fall into a few categories:

  • Strictly necessary — required to sign you in, keep you signed in, and protect against abuse. These cannot be turned off.
  • Preferences — remember your language, theme, and other settings.
  • Analytics — count visitors and measure how the website performs (for example Google Analytics). Loaded only where allowed by law and your choices.
  • Advertising and conversion measurement — used to show our ads on Meta, Google, and LinkedIn, and to know which clicks lead to demos or signups. Loaded only with your consent where required.

You can control cookies through your browser settings, our consent banner (where shown), or your account preferences. Blocking strictly necessary cookies will break the Service.

6. Advertising on Meta, Google, and LinkedIn

We run paid advertising campaigns on Meta (Facebook and Instagram), Google (Search, Display, and YouTube), and LinkedIn. To make those campaigns work responsibly, we may use:

  • Meta Pixel and Conversions API to log when visitors view pages, click buttons, or convert into leads.
  • Google tag, Google Analytics, and enhanced conversions for measurement and audience building.
  • LinkedIn Insight Tag for B2B retargeting and conversion tracking.
  • Custom and lookalike audiences created from hashed email addresses or phone numbers of leads who have given us permission to be contacted, in line with each platform’s data-use rules.

We do not include patient or clinical Customer Data in any advertising audience, and we do not allow advertising platforms to use Customer Data for their own purposes. We do not knowingly target ads on the basis of sensitive categories such as health conditions.

You can opt out of personalised advertising at any time:

7. How we share information

We do not sell personal information. We share it only with:

  • Service providers who run our infrastructure, email delivery, analytics, customer support, payments, and similar functions, under written contracts that limit their use of the data to providing services to us.
  • Advertising platforms as described above, only where you have given consent or it is otherwise permitted by law.
  • Authorities when we are legally required to disclose information, or where disclosure is needed to protect our rights, our customers, or the public.
  • Successors in the event of a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honour this Privacy Policy.
  • Within your clinic — Customer Data is shared with the people your clinic invites into its workspace, in line with the roles your administrators assign.

8. International transfers

We and our service providers may process information outside your country of residence, including in the European Union and the United States. Where we transfer personal data internationally, we use appropriate safeguards — such as standard contractual clauses — and apply organisational and technical measures designed to keep your information safe.

9. How long we keep information

  • Customer Data is kept for as long as your subscription is active. After cancellation, it remains available for export for at least thirty (30) days, then is deleted or anonymised, unless law requires us to keep it longer.
  • Lead and prospect data is kept for up to twenty-four (24) months from the last meaningful interaction, unless you ask us to delete it sooner.
  • Billing records are kept for the period required by tax law (typically up to ten years).
  • Logs and security records are kept for as long as needed to investigate incidents and detect abuse, then deleted on a rolling basis.

10. Security

We use industry-standard technical and organisational measures to protect information, including encryption in transit, encryption at rest for sensitive fields, role-based access control, audit logging, regular backups, vulnerability monitoring, and least-privilege access for our team. No system is perfectly secure: we will notify affected customers and, where applicable, regulators of significant security incidents in line with the law.

11. Your choices and rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete information we no longer need to keep.
  • Restrict or object to certain processing, including direct marketing.
  • Receive a portable copy of information you provided to us.
  • Withdraw consent for processing based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email us at

admin@o2logic.com. If you are a patient and your data is held by a clinic that uses MyClinic, please contact that clinic first; they are the controller of your record.

You can unsubscribe from marketing emails using the link at the bottom of every message, or by replying with the word “unsubscribe.” Service-related messages (security alerts, billing notices) cannot be opted out of while your account is active.

12. Children

The Service is intended for clinics and the people who run them, not for children. We do not knowingly collect personal information directly from children under 13 (or the equivalent minimum age in your country) for marketing purposes. Clinics may store paediatric patient records in the Service in their capacity as controller, and they are responsible for obtaining appropriate consents from parents or guardians.

13. Sensitive and health data

Patient health records are sensitive data and we treat them accordingly. We process this data only as a processor on behalf of clinics, only as instructed by them through the Service, and only for the purposes of running the Service. We do not use patient health data for our own marketing or advertising, and we do not sell it.

14. Automated decisions and AI features

Some parts of the Service use machine learning to suggest text, summarise notes, surface insights, or rank leads. These are decision-support features for the trained professionals using the Service; they are not a substitute for clinical judgement and they do not produce decisions that have legal or similarly significant effects without human review.

15. Third-party links

Our website and Service link to third-party websites. We are not responsible for their content or privacy practices; please read their policies before sharing personal information.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or the law. The “Effective” date at the top of this page tells you when it last changed. Material changes will be communicated by email or in-app notice before they take effect.

17. How to contact us

For privacy questions, requests, or complaints, email

admin@o2logic.com or message us on WhatsApp at +201062312347. We are based in the Arab Republic of Egypt.