ClinicPulse

Ising Digital Sàrl

Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 7 May 2026

This Privacy Policy describes how Ising Digital Sàrl ("Ising Digital", "we", "us", "our"), operator of the ClinicPulse platform, collects, uses, stores, and protects personal data in connection with our services. It applies to clinic administrators, staff users, and — to the extent governed by applicable law — to patients whose data is managed by clinics through our platform.

1. Legal Framework

This Privacy Policy is governed primarily by the Swiss Federal Act on Data Protection (nDSG / FADP), which entered into force on 1 September 2023. Where ClinicPulse is accessed by clinics established in the European Economic Area (EEA), the EU General Data Protection Regulation (GDPR) also applies alongside the nDSG.

The competent supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC / PFPDT), reachable at www.edoeb.admin.ch.

2. Who We Are and Our Roles

Ising Digital Sàrl is a limited liability company (Sàrl) registered under Swiss law. Contact: see Section 15.

Under data protection law, our role depends on which data is being processed:

  • Data Controller — for the personal data of clinic administrators and staff (account registration, authentication, profile information). Ising Digital determines the purpose and means of this processing.
  • Data Processor — for patient data entered by clinics into the platform. In this role, Ising Digital processes patient data exclusively on the documented instructions of the clinic, which is the Data Controller for its patients. The terms governing this processor relationship are set out in the Data Processing Agreement (DPA) accepted at registration.

Important for clinics: As the data controller for patient data, your clinic is responsible for ensuring that your collection and use of patient information complies with applicable law, including obtaining any consent or establishing any legal basis required under the nDSG, GDPR, or applicable cantonal health law.

3. Personal Data We Collect

A. Clinic User Data (Ising Digital as Controller)

  • Full name and email address (registration and profile)
  • Password (hashed and never stored in plaintext; managed by Supabase Auth)
  • TOTP MFA secret (if MFA is enabled; stored encrypted by Supabase Auth)
  • Organisation membership and role (admin or staff)
  • Session tokens (Supabase JWT, stored in secure HTTP-only cookies)
  • Google account display name and email (if you sign in via Google OAuth)

B. Clinic Organisation Data

  • Clinic name, profession type, and timezone
  • Alert email address (the clinic's designated recipient for automated alerts)

C. Patient Data (Ising Digital as Processor, clinic as Controller)

All fields below are encrypted at rest using AES-256-GCM before being stored in our database.

  • First name, last name
  • Email address (optional)
  • Phone number (optional)
  • Date of birth (optional)
  • Clinical notes (optional, free text)
  • Patient reference code (a clinic-assigned identifier, e.g. "H3339" — stored in plaintext as it contains no inherently identifying information)

Health data is sensitive data under Art. 5 lit. c nDSG and Art. 9 GDPR. Clinical notes and, in context, all patient fields entered by a healthcare professional constitute health-related personal data and receive the highest level of protection under this policy.

D. Dynamic Table & Cell Data

  • Custom table and column names (plaintext metadata)
  • Text-type cell values (encrypted at rest with AES-256-GCM)
  • Date, select, number, and boolean cell values (stored in plaintext; required for automation trigger evaluation)

E. Email & Automation Logs

  • Recipient email address (organisation alert address, not patient email)
  • Email subject (plaintext)
  • Email body (encrypted at rest)
  • Patient IDs matched by the automation rule (no decrypted PII)
  • Send status, timestamp, and error messages

F. Technical & Infrastructure Data

  • IP addresses and browser metadata (processed by Supabase and Vercel infrastructure; we do not access these directly)
  • Application error logs (no personal data intentionally included)

4. Legal Bases for Processing

We rely on the following legal bases under nDSG Art. 31 and GDPR Art. 6:

Processing Activity | Legal Basis
User account registration and management | Performance of contract (Art. 31(a) nDSG / Art. 6(1)(b) GDPR)
Patient data processing (as processor) | Controller's instructions; Ising Digital relies on the clinic's lawful basis
Automated email alerts | Legitimate interests of the clinic and its patients (Art. 31(b) nDSG / Art. 6(1)(f) GDPR)
Security, fraud prevention, abuse detection | Legitimate interests of Ising Digital
Compliance with legal obligations | Compliance with Swiss law (Art. 31(c) nDSG / Art. 6(1)(c) GDPR)

For health data (sensitive personal data) under Art. 5 lit. c nDSG / Art. 9 GDPR: Ising Digital processes such data solely on the instructions of the clinic. Clinics must ensure they have a valid legal basis for processing patient health data (e.g., professional treatment relationship, explicit patient consent, or applicable cantonal health legislation).

5. Encryption and Security

We implement technical and organisational measures appropriate to the risk:

  • At-rest encryption: Patient PII and text-type cell values are encrypted using AES-256-GCM. Each clinic has a unique Data Encryption Key (DEK), itself encrypted ("wrapped") by a Master Key held server-side in environment variables and never transmitted to clients or stored in the database.
  • In-transit encryption: All connections between your browser, the ClinicPulse application, and our database use TLS 1.2 or higher.
  • Browser-side key unlocking: On dashboard access, an ephemeral RSA-OAEP keypair is generated in the browser. The server wraps the DEK with the browser's public key; the private key is marked non-extractable and is never persisted. This prevents DEK extraction via browser developer tools.
  • Authentication security: Passwords are hashed (managed by Supabase Auth). Optional TOTP multi-factor authentication (MFA) is available and enforceable per clinic.
  • Access control: Row-Level Security (RLS) is enabled on all database tables, ensuring strict tenant isolation. No clinic can access another clinic's data.
  • Principle of least privilege: The daily automation job (cron) processes only plaintext structured data (dates, numbers, select values) and never decrypts patient PII. Aggregate alert emails contain no patient names or contact details.

6. Third-Party Sub-Processors

We do not sell personal data. We share data only with the following trusted sub-processors under written agreements:

Sub-Processor | Role | Data Shared | Location
Supabase Inc. | Database, authentication, edge functions | All database data (patient PII stored encrypted) | Switzerland (Zurich)
Mailgun Technologies | Transactional email delivery | Organisation alert email, email content (no patient PII) | EU
Google LLC | OAuth authentication (optional) | Email address and display name (only if Google login used) | USA (Swiss-US DPF)
Vercel Inc. | Application hosting and cron jobs | Application traffic; no direct database access | Global CDN

7. International Data Transfers

Our primary database and authentication infrastructure (Supabase) is hosted in the Switzerland (Zurich) region. All patient data — stored encrypted at rest — never leaves Swiss territory. This means ClinicPulse fully satisfies the "data stays in Switzerland" requirement under the nDSG for its primary data store.

Google LLC and Vercel Inc. are US-based companies. The Swiss Federal Council recognised the Swiss–US Data Privacy Framework (DPF) on 14 August 2024 (effective 15 September 2024). Both Google and Vercel participate in the DPF, which provides an adequate level of data protection for the limited data transferred to the USA (OAuth login data via Google; application traffic via Vercel's global CDN).

For EEA-based clinics: transfers to the USA are additionally covered by the EU–US DPF and/or Standard Contractual Clauses (SCCs). Application traffic routed through Vercel's global CDN does not constitute a transfer of stored patient data.

8. Data Retention

Data Category | Retention Period
User account data | Duration of account; deleted immediately upon account deletion
Organisation and patient data | Until deleted by the clinic admin, or upon organisation deletion
Organisation deletion (sole admin) | Entire organisation, patients, tables, automations, and email logs permanently deleted immediately (cascade)
Email logs | Until manually deleted by the clinic admin
Unconfirmed accounts | Automatically deleted after 1 hour if email confirmation is not completed
Session tokens (JWTs) | Duration configured by Supabase Auth; invalidated on sign-out

9. Cookies and Tracking

ClinicPulse uses only essential cookies necessary for authentication. These are secure, HTTP-only session cookies set by Supabase Auth to maintain your signed-in session.

We do not use analytics cookies, advertising cookies, tracking pixels, or any third-party behavioural tracking technology. No consent banner is required for essential-only cookies under Swiss law.

10. Your Rights

Under the nDSG and, where applicable, the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 25 nDSG / Art. 15 GDPR): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 32 nDSG / Art. 16 GDPR): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 32 nDSG / Art. 17 GDPR): Delete your account directly in Settings → Delete Account. This permanently deletes all data associated with your account (and your entire organisation if you are the last admin).
  • Right to data portability (Art. 28 nDSG / Art. 20 GDPR): Request your data in a structured, machine-readable format. Contact us at the address in Section 15.
  • Right to object (Art. 32 nDSG / Art. 21 GDPR): Object to specific processing activities, in particular those based on legitimate interests.
  • Right to lodge a complaint: You may lodge a complaint with the FDPIC at www.edoeb.admin.ch (Switzerland), or with the data protection authority in your EU member state.

For rights regarding patient data, patients should contact their clinic directly. Ising Digital, acting as processor, will assist the clinic in fulfilling such requests.

11. Data Processing Agreement (DPA)

When a clinic registers on ClinicPulse, it enters into a Data Processing Agreement with Ising Digital Sàrl, incorporated by reference into the Terms of Service. The DPA governs the processing of patient data by Ising Digital on behalf of the clinic and satisfies the requirements of Art. 9 nDSG and Art. 28 GDPR.

Clinics that require a separately signed DPA (e.g. for internal compliance or insurance purposes) may request one by contacting us at the address in Section 15.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of individuals, Ising Digital will:

  • Notify the FDPIC as soon as possible (nDSG does not specify a fixed deadline, unlike GDPR's 72-hour window, but we target notification within 72 hours of becoming aware of the breach).
  • Notify affected clinics without undue delay so that they can fulfil their own notification obligations towards their patients.
  • Provide information on the nature of the breach, its likely consequences, and the measures taken or proposed to address it.

13. Children's Data

ClinicPulse is a professional B2B service. We do not knowingly collect personal data from individuals under the age of 18 as registered users. Patient records may contain data relating to minor patients where this is part of the clinic's legitimate healthcare activities; such data is subject to the same protections described in this policy and to the clinic's own legal obligations.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address or via an in-app notification at least 30 days before the change takes effect. The date at the top of this page reflects the most recent update. Continued use of ClinicPulse after the effective date constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions, to exercise your data subject rights, or to request a signed DPA:

Ising Digital Sàrl

Data Protection Contact

Route de Cuarnens 3B, 1308 La Chaux, Switzerland

legal@clinicpulse.ch

© 2026 Ising Digital Sàrl. All rights reserved.