Privacy Policy

This Privacy Policy describes how MedixaLink (hereinafter, the “Platform”) collects, uses, stores, and protects personal data within the framework of using the medical practice and appointment management service.

1. Data Controller

Blade Link Company (“we”) provides MedixaLink. In many cases, the medical center/professional contracting the service is the Data Controller of their patients' data, and MedixaLink acts as a Data Processor, processing data on behalf of the Controller and in accordance with their instructions (including system configuration).

Privacy Contact: info@bladelink.company.

2. Data We May Process

• Account Data: name, email, profile image, roles/tenancy.
• Patient and Guardian Data: name, ID document, date of birth, phone, address, family relationship, etc.
• Appointment Data: dates, professionals, status, operational notes.
• Clinical Data (Medical History): background, consultations, diagnoses, evolution, attachments, medication, and any other health data the Controller decides to record.
• Technical Data: IP, logs, device/browser identifiers, security events, usage metrics.

3. Purposes of Processing

• Provide the service: management of users, patients, and appointments.
• Support and maintenance, improvements, and bug fixes.
• Security: prevention of fraud, abuse, unauthorized access, audits.
• Operational communication: account notices, relevant changes, service notifications.
• Legal compliance: responding to valid requests from competent authorities.

4. Processing of Health Data

Health data is considered sensitive data in many jurisdictions. In general, the Controller (clinic/professional) determines what data is uploaded and for what purpose, and MedixaLink processes such information to enable clinical and administrative management. The Controller must have the applicable enabling legal basis (for example, provision of health services, consent, or other legal authorization) and comply with confidentiality duties and clinical documentation according to their local regulations.

5. Legal Bases

We process data to the extent necessary for: (i) the execution of the contract (provision of the service), (ii) legitimate interest in security and service continuity, (iii) compliance with legal obligations. For sensitive data (health), the Data Controller must have the appropriate legal basis as applicable.

6. Cookies and Similar Technologies

We may use strictly necessary cookies (session, security, preferences). If you incorporate analytics/marketing, you must publish a cookie policy and, where applicable, implement a consent banner.

7. Recipients, Sub-processors, and International Transfers

We may share data with providers who help us operate the Platform (hosting, database, email, monitoring). Such providers act as sub-processors and are subject to confidentiality and security obligations. We do not sell personal data.

Given that some providers may operate in different countries, there could be international transfer of data. In those cases, we apply contractual safeguards and reasonable measures to protect the information in accordance with applicable regulations.

8. Retention

We retain data as long as there is an active account or it is necessary to provide the service and comply with legal obligations. The Controller (clinic/professional) defines internal clinical retention policies according to their regulations. Upon termination of the relationship, data may be deleted or exported according to the plan/contract and the Controller's instructions.

9. Security

We apply reasonable technical and organizational measures: access control, audit logs, encryption in transit, encryption of certain fields at rest (PII), tenancy segregation, and backup practices. More detail on the Security page.

10. Rights

Depending on applicable regulations (e.g., Argentine Law 25.326 and/or international regulations like GDPR), data subjects may exercise, where applicable, rights of access, rectification, update, deletion, opposition, limitation of processing, and portability.

If your data was uploaded by a clinic/professional, you may need to direct the request directly to them, as they act as the Data Controller. In any case, you can write to us at info@bladelink.company for guidance.

11. Minors

MedixaLink is oriented towards health professionals/centers. Minors' data is treated on behalf of the Controller and under their duty of medical confidentiality and regulatory compliance.

12. Changes

We may update this policy. We will publish the current version on this page, indicating the update date.