PrescriptionPoint

Legal

Privacy Policy

Last updated: July 5, 2026

1. Introduction

This Privacy Policy explains how PixelHope collects, uses, discloses, and protects information through Prescription Point ("the Platform"), used by doctors, their receptionists, and their patients in Bangladesh. Bangladesh does not yet have a fully enacted, comprehensive data protection law; we therefore apply our own security and privacy safeguards rather than relying on legal minimums, while remaining consistent with the Information and Communication Technology Act 2006 and the Digital Security Act 2018.

2. Information we collect

  • Doctor account data — name, phone number, password, BMDC registration number, and certificate/ID documentation submitted for verification.
  • Receptionist account data — name and phone number, created by the inviting Doctor.
  • Patient data — entered by a Doctor or Receptionist: name, age/date of birth, gender, phone number (optional), address, allergies, chronic conditions, visit history, and prescription content. Patients do not create accounts and do not log in.
  • Chamber data — clinic/chamber name, address, contact number, visiting hours, and optional logo.
  • Billing information — subscription status and payment confirmation records (e.g. bKash/Nagad transaction references); we do not store your full payment credentials.
  • Usage data — device/browser information, log data, and general usage patterns needed to operate and secure the Platform.

3. Who controls patient data

Patient data is entered, owned, and controlled by the Doctor (or their Receptionist) who creates it. The Platform acts as a data processor on the Doctor's behalf, storing and presenting that data back to the Doctor and their scoped Receptionists only. It is the Doctor's responsibility to obtain any patient consent required for collecting and recording their health information. No Doctor or Receptionist can access another Doctor's patient records — data is strictly isolated per Doctor.

4. How we use information

  • To operate the Platform: creating and displaying prescriptions, patient records, and chamber letterheads.
  • To verify Doctor identity and BMDC registration before activating an account.
  • To deliver prescription copies to patients via SMS link, where a phone number is on file.
  • To manage subscriptions, billing, and account status (trial/active/expired).
  • To provide customer support and respond to inquiries.
  • To maintain security, detect fraud or abuse, and comply with legal obligations.

5. How we share information

We do not sell personal or patient data. We share information only:

  • With the Doctor's own Receptionist accounts, scoped strictly to that Doctor's data.
  • With third-party SMS gateway providers, solely to deliver prescription links to patients.
  • With payment collection channels (e.g. bKash, Nagad) solely to confirm subscription payments.
  • With Platform Admins, for account verification, subscription management, and platform administration — all such actions are logged in an immutable audit trail.
  • When required to comply with a valid legal request from a Bangladeshi court or law enforcement authority.

6. Data security

Patient and prescription data is encrypted both at rest and in transit. Access to the Platform is protected by authentication, and data is strictly isolated between Doctor accounts (multi-tenant isolation) so no Doctor or Receptionist can view another practice's records. Prescriptions are immutable once finalized, providing a tamper-evident clinical record; corrections are made only via a new, explicitly linked amending prescription.

7. Data retention

Account, patient, and prescription data is retained for as long as the associated Doctor account remains registered on the Platform, consistent with standard medical record-keeping practice, and to preserve the prescription history patients may need to access via their non-expiring SMS links. If a Doctor account is closed, we retain records for a reasonable period thereafter to meet recordkeeping and legal obligations before deletion.

8. Your rights

Doctors and Receptionists may access, update, or request correction of their own account information at any time by contacting us. Because patient records are owned and controlled by the treating Doctor, patients seeking to access, correct, or request deletion of their information should contact their Doctor directly in the first instance; we will assist the Doctor in fulfilling such requests where technically feasible and consistent with medical record-keeping obligations.

9. Cookies & similar technologies

We use essential cookies/local storage to keep you signed in and to remember basic preferences (such as light/dark theme). We do not use these technologies for third-party advertising.

10. Children's data

The Platform is not directed at children and does not knowingly collect account information from anyone under 18. Patient records may include minors (e.g. children, infants), but such records are entered and managed by the treating Doctor or Receptionist on the patient's behalf, not by the child directly.

11. Grievance officer

For privacy concerns or grievances relating to the handling of your information, contact our grievance officer at privacy@prescription-point.com. We will acknowledge and address legitimate grievances within a reasonable time.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law, including any future Bangladeshi personal data protection legislation. Material changes will be notified through the Platform. Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.

13. Contact us

For any questions about this Privacy Policy, contact us at privacy@prescription-point.com.