Your Health Data Privacy & Security on GeraClinic

Your medical data is among the most sensitive information you have. Here is exactly how we protect it — and what you can do with it.

Your data is never sold. Ever.

Security features

End-to-end encryption

All video consultations, messages, and medical data are encrypted in transit using TLS 1.3. Health records are encrypted at rest using AES-256. Not even GeraClinic staff can view the content of your consultations.

HIPAA-equivalent standards

GeraClinic applies HIPAA-equivalent data handling practices globally — covering access controls, audit logs, staff training, and breach notification. We go beyond local requirements in every country where we operate.

Data minimisation

We collect only the data necessary to provide your healthcare. Personal health information is never used for advertising, never sold to third parties, and never shared without your explicit consent.

Access controls

Only the doctors you consult can access your health records for those consultations. You control who can see your records at all times via your Privacy Settings. GeraClinic staff access is logged and audited.

Infrastructure security

GeraClinic runs on enterprise-grade cloud infrastructure with ISO 27001-certified data centres. All systems are continuously monitored for anomalous access. Penetration testing is performed quarterly.

Breach notification

In the unlikely event of a data breach, we will notify all affected users within 72 hours as required by GDPR — and sooner wherever regulations allow. We have a documented incident response plan.

Data retention policy

| Data type | Retention period | Why |
| --- | --- | --- |
| Medical records & consultation notes | 7 years | Medical data retention requirement (international standard) |
| Prescriptions | 7 years | Legal requirement in most jurisdictions |
| Account data (name, email) | Until deletion | Needed to operate your account |
| Payment records | 7 years | Financial regulations (varies by country) |
| Consultation recordings (if consented) | 90 days | Short retention to protect privacy |
| App usage analytics (anonymised) | 24 months | Platform improvement — no personal identifiers |

Your data rights

Regardless of where you are in the world, GeraClinic provides all patients with the following rights over their data:

Right to access

Request a full copy of all personal data GeraClinic holds about you, at any time and at no charge.

Right to rectification

Correct any inaccurate personal data — for example, a misspelled name or incorrect date of birth.

Right to erasure

Request deletion of your account and associated data. Medical records required to be retained by law will be deleted after the mandatory retention period.

Right to data portability

Export your health records in a standard format (PDF or HL7 FHIR JSON) to share with other healthcare providers.

Right to restrict processing

Ask GeraClinic to stop using your data for specific purposes (e.g. service improvement analytics) while keeping your account active.

Right to object

Object to any processing of your data based on legitimate interests. We will stop unless we can demonstrate compelling reasons.

How to download or delete your data

Downloading your data

  1. Log in to your GeraClinic account.
  2. Go to Account Settings → Privacy.
  3. Click "Download My Data".
  4. Choose the data range (all time, or a specific period).
  5. A download link will be emailed to you within 24 hours. The archive includes your medical records, prescriptions, consultation notes, and account data.

Deleting your account

  1. Go to Account Settings → Privacy.
  2. Click "Delete My Account".
  3. Confirm with your password.
  4. Your account is deactivated immediately. Personal data (name, email, account details) is permanently deleted within 30 days.
  5. Medical records are retained for the legally required period (typically 7 years), then deleted.

For any data request, you can also email privacy@geraclinic.com. We respond to all privacy requests within 30 days as required by GDPR.

Frequently asked questions

Who can see my health data?
Only you and the doctors you have directly consulted on GeraClinic. Doctors can only see data from consultations you booked with them — they cannot see records from other GeraClinic doctors unless you explicitly share them. GeraClinic staff have access only to operational data needed to run the platform, and all access is logged.
Does GeraClinic share my data with health insurers?
No. We never share your health data with insurers, employers, or any third party without your explicit written consent. The only exception is a legal requirement — for example, a court order. In that case we notify you as soon as we are legally permitted to do so.
Is my consultation recorded?
Video consultations are not recorded by default. Some doctors may ask for your consent to record for documentation purposes. You can decline at any time. If you consent to recording, the recording is stored encrypted in your health records and accessible only to you and the consulting doctor.
How long is my data retained?
Medical records are retained for 7 years from the date of the consultation, as required by medical data standards in most jurisdictions. After 7 years, records are securely deleted. Account data (name, email) is deleted within 30 days of an account deletion request.
What are my rights under GDPR?
If you are in the EU or UK, you have the right to access your data, correct inaccuracies, request deletion, restrict processing, and exercise data portability. Submit a GDPR request from your Privacy Settings or email privacy@geraclinic.com. We respond within 30 days.
Can I transfer my GeraClinic records to another doctor or platform?
Yes. From your dashboard, go to Medical Records → Export. You can download your complete health history in a standard medical format (PDF or HL7 FHIR JSON). This file can be shared with any doctor or uploaded to other healthcare platforms.
