Your health data and privacy are our priority.

This Privacy Policy explains how Suflon TECH LLP (“Suflon TECH,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data when you use MDPLIX, our websites, portals, web applications, support channels, and related services.

Suflon TECH operates MDPLIX, an EMR and healthcare operations platform for clinics, doctors, hospitals, laboratories, pharmacies, and related healthcare workflows, and WOCTOR, a doctor, clinic, hospital, and laboratory listing and patient engagement portal that may connect with MDPLIX for appointment booking and patient access to certain records.

By accessing or using MDPLIX or any related services, you acknowledge that you have read and understood this Privacy Policy.

MDPLIX is currently offered in a beta stage. This means certain features, modules, integrations, workflows, and data connections may still be under active development, testing, refinement, or phased release. As a result, some parts of the platform may change over time, may not function exactly as intended in every situation, and may be updated without prior notice. Additional details relating to beta-stage limitations are set out below.

This Privacy Policy applies to visitors to our websites and product pages, doctors, clinics, hospitals, laboratories, pharmacies, staff, administrators, and other business users of MDPLIX, patients whose information is entered into, uploaded to, processed through, or made accessible via MDPLIX, users who interact with connected services such as WOCTOR for provider discovery, booking, or patient access, representatives of connected entities including pharmacies, laboratories, and other healthcare companies, and vendors, service providers, applicants, and others who interact with us.

This Privacy Policy does not apply to third-party websites, tools, platforms, or services that are not owned or controlled by Suflon TECH, even if they are linked to or accessible through our services.

MDPLIX is an EMR and healthcare management platform that may include patient registration and patient records, appointments, prescriptions, billing and payments, inventory, pricing, treatment plans, connected pharmacy workflows, connected laboratory workflows, care coordination, and referrals. WOCTOR is a connected portal that may display doctors, clinics, hospitals, and laboratory listings, support appointment booking flows that route into MDPLIX, and provide patient login access to certain connected appointment and prescription information originating from MDPLIX.

MDPLIX may also support data movement between one healthcare company and another within the MDPLIX ecosystem in order to improve business operations, care coordination, and service delivery.

Depending on configuration, permissions, and the workflow initiated by the relevant healthcare provider, a prescription may be created in one clinic’s MDPLIX account, and a medicine-related copy of that prescription may be shared with a connected pharmacy for dispensing or fulfillment purposes. Similarly, a lab, investigation, or report-related portion of that prescription, or a related diagnostic order, may be shared with a connected laboratory for testing or reporting purposes. If a patient is referred from one clinic, doctor, or healthcare company to another, a referral-related portion of patient information may also be shared with a connected doctor, clinic, hospital, or other healthcare company for consultation, follow-up, continuity of care, or related operational coordination.

Where possible and appropriate, MDPLIX is intended to follow a minimum necessary sharing approach. This means the system is designed, where feasible, to share only the portion of information reasonably required for the intended workflow, rather than unrestricted access to the full patient record by default. In practical terms, a connected pharmacy may receive medicine, dosage, and prescription fulfillment details only, a connected laboratory may receive test or investigation details and related report instructions only, and a receiving doctor or clinic may receive only the information reasonably necessary for referral, continuity of care, or operational coordination.

Cross-company access, synchronization, or display takes place only to the extent enabled by platform configuration, permissions, account controls, and applicable legal or contractual requirements.

Depending on the context, Suflon TECH may act in different roles in relation to personal data. Where a clinic, hospital, doctor, laboratory, pharmacy, or other healthcare customer enters, uploads, manages, or controls patient or healthcare-related data using MDPLIX, that customer generally remains primarily responsible for determining the purpose and manner of processing, obtaining all required patient notices, consents, permissions, and authorizations, ensuring the lawfulness, relevance, and accuracy of the data submitted, deciding what information is shared, displayed, synchronized, or made accessible, and complying with its own medical, legal, professional, and regulatory obligations.

In that context, Suflon TECH generally provides the software platform and supporting infrastructure, and may act as a service provider, processor, intermediary, or similar supporting role depending on applicable law and the governing contract.

Where a healthcare customer uses MDPLIX to send information to a connected pharmacy, laboratory, patient-facing portal, or another healthcare company, that customer represents that it has obtained all consents, permissions, and authorizations required under applicable law and professional obligations for such sharing or display. This includes, where applicable, sharing prescription details with connected pharmacies, sharing test or investigation details with connected laboratories, enabling patient access to certain records through connected services such as WOCTOR, and sharing referral-related information with another doctor, clinic, or healthcare company.

For account creation, billing, support, fraud prevention, security, analytics, communications, platform administration, and general business operations, Suflon TECH may act as the primary handler of data for its own legitimate operational purposes.

We may collect and process account and business information such as name, clinic or organization name, email address, phone number, business address, job title or role, professional credentials where applicable, login and authentication details, and subscription or billing-related information.

We may also collect operational and clinical data entered into MDPLIX, including patient registration details, appointment records, prescriptions, clinical notes, treatment plans, billing and payment records, inventory and pricing data, pharmacy workflow information, laboratory workflow information, referral and care coordination information, and attached files, reports, or related documents.

Information relating to patients may include demographic information, contact information, appointment history, prescriptions, medical records and treatment-related details, billing-related information, uploaded reports or supporting documentation, and identifiers provided by the healthcare provider or the patient. Where such data is entered by a clinic, doctor, or other healthcare customer, that data is generally processed on behalf of that customer.

We may also collect technical and usage information such as IP address, browser type, device type, operating system, session data, timestamps, page or module access activity, usage logs, performance diagnostics, audit logs, and security or error logs.

Where enabled by the relevant workflow, we may receive information back from connected pharmacies, laboratories, or other healthcare companies, such as order or request status, fulfillment status, test or report status, result delivery confirmation, referral acceptance, coordination status, or related operational updates.

We may collect information directly from you when you register, fill out a form, request a demo, log in, contact support, make a booking, or otherwise use the services. We may also collect information from authorized users who enter or upload data into MDPLIX, automatically through logs, cookies, security tools, analytics tools, and similar technologies, from integrations or connected services enabled by a customer, from connected pharmacies, laboratories, or other healthcare companies involved in a customer-authorized workflow, and from vendors or service providers that support hosting, storage, email delivery, analytics, security, payments, or customer support.

If you provide us with information relating to another person, you represent that you are authorized to do so and that such disclosure and processing are permitted under applicable law.

We use information to provide, operate, maintain, and improve MDPLIX and related connected services, to create and manage accounts, and to enable patient registration, appointments, prescriptions, billing, payments, inventory, pricing, treatment plans, and related operational workflows.

We also use information to support connected pharmacy, laboratory, and referral workflows initiated by the relevant healthcare provider or authorized account, to facilitate authorized company-to-company data flow within the MDPLIX ecosystem for dispensing, diagnostics, referrals, and care coordination, and to support appointment booking and patient engagement flows through connected portals such as WOCTOR.

In addition, we use information to authenticate users and secure accounts, provide onboarding, implementation, troubleshooting, and customer support, monitor performance, service quality, reliability, and product usage, detect, investigate, and prevent fraud, abuse, misuse, unauthorized access, and technical issues, send administrative, transactional, billing, service, and security communications, comply with legal, regulatory, tax, audit, and recordkeeping obligations, enforce contracts, platform rules, policies, and legal rights, and create aggregated or de-identified analytics, reports, and operational insights that do not identify individuals.

We do not sell personal data as a standalone data brokerage activity.

We may share personal data only where reasonably necessary and appropriate. This includes sharing with trusted service providers and subprocessors that help us operate the services, such as providers supporting cloud hosting and infrastructure, managed databases, file and object storage, transactional email delivery, analytics and diagnostics, customer support, security and monitoring, payment processing, and implementation or technical support.

Where a healthcare provider initiates a pharmacy workflow through MDPLIX, the system may share the portion of information reasonably necessary for fulfillment with the selected connected pharmacy. This may include medicine details, dosage instructions, fulfillment-related prescription details, and patient identifiers reasonably necessary to complete the workflow. MDPLIX is intended to support sharing of medicine-related information only, rather than unrestricted access to the full patient record, unless the workflow, configuration, or applicable law requires otherwise.

Where a healthcare provider initiates a laboratory workflow through MDPLIX, the system may share the portion of information reasonably necessary for diagnostics or reporting with the selected connected laboratory. This may include test or investigation requests, report-related instructions, and patient identifiers reasonably necessary to complete the workflow. MDPLIX is intended to support sharing of lab or report-related information only, rather than unrestricted access to the full patient record, unless the workflow, configuration, or applicable law requires otherwise.

Where a patient is referred from one clinic, doctor, or healthcare company to another within the MDPLIX ecosystem, the system may share the portion of information reasonably necessary to support the referral, continuity of care, or related business operations with the connected receiving provider or entity. This may include referral details, consultation notes relevant to the referral, summary medical context reasonably necessary for the receiving provider, and appointment or follow-up coordination details.

Patient and operational data entered into MDPLIX may also be accessible to the healthcare provider and authorized staff operating the relevant account as necessary for patient care, practice operations, and related functions. Where enabled and authorized, patients may access certain data associated with their account through connected patient-facing components, such as WOCTOR.

We may also disclose information in connection with a merger, acquisition, restructuring, financing, reorganization, or transfer of assets, to auditors, lawyers, insurers, or professional advisers, where required by law, legal process, court order, or regulatory request, or where necessary to protect rights, enforce agreements, investigate misuse, or support safety and security. We do not rent, sell, or trade personal information to third parties for their own independent marketing purposes.

To operate the services, we may use third-party infrastructure and operational providers. Our current or typical operational stack may include Amazon Web Services (AWS) for cloud infrastructure and hosting, Amazon RDS for managed database services, Amazon S3 for file and object storage, and Amazon SES for transactional and service-related email delivery. We may also use other vendors for analytics, support, monitoring, security, and payments.

These providers may process personal data only to the extent reasonably necessary to provide services to us. We may add, remove, or replace service providers from time to time as part of normal operations, scaling, security, or system improvements.

We take reasonable technical and organizational measures designed to protect personal data from unauthorized access, misuse, alteration, loss, or unlawful disclosure. These measures may include access controls, authentication safeguards, logging and monitoring, secure hosting practices, encryption in transit, controlled storage environments, environment and account administration controls, and incident response procedures.

However, no software platform, hosting environment, cloud provider, network, or storage system is completely secure, no method of transmission or storage can guarantee absolute protection, and no backup or recovery process can guarantee zero-loss restoration in every circumstance. Outages, interruptions, delays, unauthorized access, system failures, integration issues, user actions, or third-party failures may affect data availability or integrity.

Accordingly, while we use commercially reasonable safeguards, we do not guarantee uninterrupted service, error-free operation, or complete prevention of all loss, corruption, delay, or unauthorized access. Users and customers are responsible for maintaining credential confidentiality, controlling access to their accounts and devices, and using the services in a secure and authorized manner.

Because MDPLIX is currently in beta, certain features, workflows, modules, integrations, and connections may still be under active testing, development, refinement, or phased rollout. During the beta stage, features may be added, changed, limited, interrupted, replaced, or removed, some modules or integrations may not function as expected at all times, synchronization between MDPLIX and connected pharmacies, laboratories, doctors, clinics, or other connected systems may be delayed, incomplete, interrupted, or unavailable, bugs, downtime, temporary failures, or unexpected behavior may occur, and restoration of lost, delayed, corrupted, or incomplete data may not always be possible in every situation.

Customers should maintain appropriate internal safeguards and should not rely on the beta platform as their sole archive, sole backup, or sole fail-safe repository for critical, regulated, medical, financial, or operationally essential records unless expressly agreed in a separate written contract.

We retain information only for as long as reasonably necessary to provide the services, support customers and users, maintain operational, audit, and security records, comply with legal, tax, accounting, contractual, and regulatory obligations, resolve disputes, and enforce agreements and legal rights.

In general, clinic or business account data may be retained while the account is active and for a reasonable period thereafter. Patient data may be retained in accordance with the instructions of the relevant healthcare customer, applicable contractual terms, and any applicable legal or medical recordkeeping requirements. Logs and technical records may be retained for shorter periods, or longer where necessary for security, compliance, or investigations.

After the applicable retention period, data may be deleted, archived, anonymized, or irreversibly de-identified, subject to legal, contractual, backup, and technical constraints. Where immediate deletion is not technically possible, including due to backups, archives, or disaster recovery systems, we may retain limited copies until deletion becomes reasonably practicable.

Depending on applicable law and the role in which we process the data, you may have rights such as the right to request access to your personal data, correction of inaccurate or incomplete information, deletion of certain information subject to applicable exceptions, restriction of or objection to certain processing in some cases, withdrawal of consent where processing is based on consent, and the right to opt out of non-essential marketing communications.

Clinics, doctors, hospitals, laboratories, pharmacies, and other business users may be able to access and update certain account information through platform settings. Patients may be able to access certain appointment or prescription information through connected patient-facing services where such access is enabled. However, where patient data is controlled by a clinic, doctor, hospital, laboratory, pharmacy, or other healthcare provider using MDPLIX, requests for correction, deletion, restriction, or other substantive changes may need to be directed to that healthcare provider first, because that provider may be the primary decision-maker for that data.

If a patient or user requests deletion of data that is controlled by a healthcare provider customer, we may process that request only in accordance with the instructions of the relevant customer, applicable law, contractual obligations, technical feasibility, and required record retention obligations. Customers remain responsible for maintaining any separate records they are required to preserve under applicable law, professional obligations, or internal policies.

We may use cookies, session storage, and similar technologies to support authentication and login continuity, security and fraud prevention, service functionality, user preferences, performance monitoring, and usage analytics and product improvement. You may be able to manage certain cookie preferences through your browser settings. Disabling certain cookies may affect functionality or availability of parts of the services.

Suflon TECH may use infrastructure, vendors, and support functions that involve processing data in jurisdictions outside the location where the data was originally collected. By using the services, you understand that your information may be processed in locations where we or our service providers operate, subject to applicable law and the relevant contractual and operational safeguards.

The services may contain links to third-party websites, portals, or tools, including websites of listed providers, connected entities, or external service platforms. We are not responsible for the privacy, security, content, uptime, or data handling practices of third-party services that we do not own or control. Those services are governed by their own terms and privacy policies.

If we become aware of a confirmed security incident or personal data breach affecting information under our control, we may take reasonable steps to assess and contain the incident, investigate its scope and impact, mitigate further harm where feasible, restore affected systems or services where reasonably possible, and provide notice to affected customers, users, or authorities where required by applicable law, contract, or regulatory obligation.

For privacy-related questions, requests, or complaints, please contact:

Suflon TECH LLP
703, B-68, Moreshwar Building, Sector 1,
Mira Road East, Thane, Maharashtra 401107, India

Privacy Email: support@mdplix.com

Support Email: support@mdplix.com

If you are a patient and your data is controlled by a clinic, hospital, doctor, laboratory, pharmacy, or other healthcare provider using MDPLIX, you may also need to contact that organization directly for certain requests. We will make reasonable efforts to acknowledge and address privacy-related requests within a reasonable timeframe and in accordance with applicable law.

We may update this Privacy Policy from time to time to reflect changes in law or regulation, business operations, platform features, service providers, product structure, or privacy and security practices. We will update the “Last Updated” date when changes are made. Where appropriate, we may provide additional notice through the services or by email.

This Privacy Policy explains how personal data is collected, used, stored, shared, and protected. It does not, by itself, create any specific service-level commitment, uptime guarantee, restoration obligation, or warranty unless such commitment is expressly set out in a separate written agreement.

By using the services, you acknowledge that you have read and understood this Privacy Policy.