Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller responsible for processing personal data through the Clinika OS platform is lopes2tech, a company incorporated and operating under Swiss law. Contact: privacy@lopes2tech.com

2. Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, password (hashed)
  • Clinic information: clinic name, phone number, address, timezone
  • Appointment data: client names, contact details, appointment times, services booked
  • Usage data: access logs, browser type, device type (for security purposes)

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract performance: to provide the Clinika OS service as agreed
  • Legitimate interests: security, fraud prevention, service improvement
  • Legal obligation: compliance with Swiss nDSG and EU GDPR requirements
  • Consent: for marketing communications (if applicable)

4. Data Storage and Security

All data is stored exclusively on servers located in Switzerland. We use industry-standard encryption (TLS in transit, AES-256 at rest) and row-level security policies to ensure clinic data isolation.

Your data never leaves Swiss jurisdiction. We do not transfer data to third countries unless explicitly required by law, and only with appropriate safeguards in place.

5. Data Retention

We retain personal data for as long as your account is active, plus an additional period required for legal or accounting purposes (typically 10 years under Swiss law). You may request deletion of your account and associated data at any time.

6. Your Rights

Under Swiss nDSG and EU GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (receive your data in machine-readable format)
  • Withdraw consent at any time

To exercise these rights, contact us at: privacy@lopes2tech.com

7. Third-Party Processors

We use the following sub-processors, all operating under strict data processing agreements:

  • Supabase (Swiss-hosted instance): database and authentication
  • Resend: transactional email delivery
  • Vercel: application hosting

8. Cookies

Clinika OS uses strictly necessary cookies for session management and authentication. We do not use tracking, advertising, or third-party analytics cookies.

9. Contact & Complaints

For privacy-related inquiries, contact: privacy@lopes2tech.com

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch

Privacy Policy — Clinika OS | Clinika OS