Privacy
DrClick is a multi-tenant, security-first health platform. Privacy and data protection are architectural: tenant data is isolated at the database level (PostgreSQL row-level security), every access is authorized and audited, and consent is recorded per subject and purpose.
What we process
Personal and clinical data is processed strictly on behalf of the tenant (the healthcare provider) as data processor, under the provider's instructions and the applicable jurisdiction's rules (GDPR/EHDS in the EU).
Isolation & access
Each tenant's records are separated by row-level security; access is decided by a central, tenant-scoped authorization layer and written to an audit and data-access log.
AI & evidence
AI is assistive, never final. AI recommendations are grounded in cited evidence or refused, and every AI action is recorded — see the Trust & Evidence layer.
Your rights
Access, rectification, erasure, portability and objection are supported through the tenant provider, consistent with GDPR. Contact your provider, or us, to exercise them.
This page is an illustrative summary for the platform preview, not a binding legal notice.