FeaturesEditionsSecurityPricingContact
Language
fraren
Theme
Book a demoRequest early access
Loi 09-08 · CNDP

Privacy policy

How we handle any personal information you share with us — plain-language, Loi 09-08 aligned.

Last updated: 2026-04-19

01

Core principle — your patients' data never touches us

Clinosys is a desktop application. All patient records, consultations, prescriptions and documents live exclusively on the practitioner's own machine (or local-network server), encrypted with AES-256-GCM column-level encryption and keyed with a passphrase only the clinic holds. The clinosys.ma marketing website never processes, transmits or stores any health data.

02

What we collect on this website

We collect only what you voluntarily submit through forms: your name, email, the role you occupy in your practice, preferred OS platform, and the content of any free-text message. We also log the technical referrer and user-agent for security and abuse prevention. We do not use cross-site tracking, fingerprinting, or advertising cookies.

03

Why we collect it

The legal basis is your explicit consent (Loi 09-08, Art. 4). We use your data strictly to (a) send you news about Clinosys availability, (b) respond to your support or sales questions, and (c) prevent abuse. We never sell, rent, or share your data with third parties for marketing purposes.

04

How long we keep it

Early-access list entries are kept until you request removal, or for a maximum of 24 months following our last interaction. Contact-form messages are kept for 36 months for traceability and then permanently deleted. Security logs are rotated every 90 days.

05

Your rights under Loi 09-08

You can request access, rectification, opposition, portability, or deletion of any personal data we hold about you. You can exercise these rights at any time, free of charge, by writing to privacy@clinosys.ma — we'll reply within 30 days. If you're unsatisfied with our response, you can lodge a complaint with the CNDP (www.cndp.ma).

06

Cookies & analytics

By default, the site uses only strictly necessary cookies (session, theme, locale). Analytics (Vercel Analytics, optional Google Analytics 4) are loaded only after you opt in via the cookie banner. You can revoke consent at any time from the footer; analytics cookies are cleared within minutes of revocation.

07

Subprocessors we rely on

To operate this website we use Vercel Inc. (hosting & analytics, USA), Resend (transactional email, EU/USA), Cloudflare Turnstile (anti-bot, USA), and Notion Labs Inc. (career application intake, USA). Each subprocessor is bound by a data-processing agreement. Data flows are limited to the minimum needed and protected by TLS 1.3 in transit.

08

Data transfers outside Morocco

Some subprocessors are based outside Morocco. In line with Loi 09-08 Art. 43–44, we rely on the subprocessors' EU/US adequacy frameworks and on contractual safeguards. You can request a list of the current locations at any time.

09

Security incidents

In the unlikely event of a personal data breach affecting your information, we will notify you and the CNDP within 72 hours of becoming aware, as required by Loi 09-08.

10

Contact

For any question about this policy or a rights request, write to privacy@clinosys.ma or mail HOET Technologies SARL, Casablanca, Morocco.