Privacy Policy

Last updated: June 2026

Privacy Policy

Pacienty — Management software for health and wellness professionals

Document: Privacy Policy of the Pacienty Platform, applicable to Professionals/Users, Clients/Patients and Visitors.
Last updated: June 2026.
Version: 1.0

Table of Contents

  1. FIRST. Introduction and scope
  2. SECOND. Definitions
  3. THIRD. Roles of the parties (controller and processor)
  4. FOURTH. Information we collect
  5. FIFTH. Purposes and legal bases
  6. SIXTH. Communications and reminders (WhatsApp and email)
  7. SEVENTH. Integrations and providers (third parties)
  8. EIGHTH. Data obtained from Google APIs (limited use)
  9. NINTH. How we share information
  10. TENTH. International data transfers
  11. ELEVENTH. Information security
  12. TWELFTH. Data retention
  13. THIRTEENTH. Rights of data subjects
  14. FOURTEENTH. Data of minors
  15. FIFTEENTH. Responsibilities of the professional
  16. SIXTEENTH. Cookies and similar technologies
  17. SEVENTEENTH. Security incidents
  18. EIGHTEENTH. Changes to this policy
  19. NINETEENTH. Governing law and dispute resolution
  20. TWENTIETH. Contact

FIRST. INTRODUCTION AND SCOPE

At Pacienty we are committed to protecting the privacy and security of the personal information of those who use our management platform for independent health and wellness professionals. This Privacy Policy describes how we collect, use, store, share and protect information, and forms an integral part of Pacienty's Terms and Conditions (both those applicable to Professionals/Users and to Clients/Patients).

This Policy applies to: (i) the Professionals or Users who register to manage their practice; (ii) the Clients or Patients who book and/or pay for services through the Platform; and (iii) the Visitors who only browse.

By using Pacienty, you accept the practices described in this Policy. If you do not agree with any aspect, we recommend that you do not use the Platform.

Pacienty is a technology platform (SaaS) and is not a medical, health, psychological, veterinary or any other type of facility, nor does it provide health or professional services of any kind.

SECOND. DEFINITIONS

Capitalized terms have the meaning assigned to them in Pacienty's Terms and Conditions and, in particular:

  • Client or Patient: a person who requires the services of a Professional and accesses the Platform to book and/or pay for those services, without needing to register.
  • Professional or User: a natural person or legal entity that registers on the Platform to manage and offer their professional services.
  • Personal Data and Sensitive Personal Data: have the meaning assigned to them by Chilean data protection law. Sensitive Data includes, among others, physical or mental health data, examinations, diagnoses, genetic or biometric data, sexual life and gender identity.
  • Data Controller: the party that decides on the purposes and means of the processing of Personal Data.
  • Data Processor: the party that processes Personal Data on behalf of the Controller, in accordance with its instructions, without deciding on the essential purposes or means of the processing.
  • Third-Party Integrations: third-party services connected to the Platform, such as Google (Google Calendar and Google Meet), WhatsApp Business Platform and Meta, Mercado Pago, Flow and the Chilean Internal Revenue Service (SII).
  • Platform: Pacienty's website, applications, services and communications.

THIRD. ROLES OF THE PARTIES (CONTROLLER AND PROCESSOR)

The distinction of roles is the cornerstone of data processing at Pacienty:

  • Data of Clients or Patients registered by the Professional (including Sensitive health Data contained in clinical records): the Professional acts as Data Controller and Pacienty as Data Processor, processing such data solely in accordance with the Professional's instructions and to provide the Services. The Professional decides what data to record, for what purpose and for how long, and is responsible for having the applicable consent or legal basis.
  • Data of the Professional's own Account (registration, billing, use of the Platform): Pacienty acts as Data Controller.
  • Client contact data that Pacienty processes to enable the booking, its confirmation and the reminders: Pacienty processes them as Processor on behalf of the Professional and, with respect to the operation of the Platform itself, in accordance with this Policy.

As a general rule, requests from Clients/Patients concerning the data of the consultation must be addressed to the Professional (Controller); Pacienty may forward the request to the responsible Professional and facilitate its handling.

FOURTH. INFORMATION WE COLLECT

4.1 Professional / User Information

  • Registration data: full name, RUT or national ID, email address, phone number, profession and/or specialty, time zone.
  • Professional credentials: professional registration number and certifications, when provided by the Professional.
  • Billing and tax information: data for the subscription and for the issuance of fee receipts or other electronic documents before the SII.
  • Usage data: working hours, schedule configuration, preferences and activity within the Platform.

4.2 Client / Patient Information

  • Basic personal data: name, RUT, date of birth, gender, contact information.
  • Clinical history (Sensitive Data): session notes, diagnoses, treatment plans, progress, recorded by the Professional.
  • Attachments: documents, images and reports related to the consultation.
  • Booking data: service, modality (in-office, at-home or online), date, time and contact details provided when booking.

4.3 Technical Information (all users and Visitors)

  • Device data: device type, operating system, application or browser version.
  • Connection data: IP address, pages visited within the Platform.
  • Cookies and similar technologies: to keep sessions active, measure usage and improve the experience (see Clause Sixteen).

FIFTH. PURPOSES AND LEGAL BASES

The processing of Personal Data is carried out in accordance with Article 19 No. 4 of the Political Constitution of the Republic, Law No. 21,719 on the protection of personal data, Law No. 20,584 with respect to health data, and other applicable regulations, complying with the principles of lawfulness, purpose, proportionality, quality, security, accountability, transparency, confidentiality and minimization.

We use the information to:

5.1 Service provision

  • Manage schedules, public booking profiles and appointments.
  • Store and organize digital clinical records on behalf of the Professional.
  • Process payments through Mercado Pago and/or Flow.
  • Issue fee receipts or other electronic documents before the SII.
  • Send reminders, confirmations and payment links via WhatsApp and/or email.
  • Sync schedules with Google Calendar and create video call links via Google Meet.

5.2 Service improvement

  • Analyze use of the Platform to improve features and performance, preferably on aggregated or anonymized data.
  • Develop new features according to users' needs.

5.3 Communications

  • Notifications about appointments and reminders.
  • Notices about service updates and changes to policies or terms.

5.4 Legal compliance

  • Comply with tax obligations (integration with SII) and other legal obligations.
  • Respond to valid legal requirements.
  • Protect the rights of Pacienty and its users.

SIXTH. COMMUNICATIONS AND REMINDERS (WHATSAPP AND EMAIL)

The Professional, through Pacienty, may send their Clients reminders, confirmations, rescheduling notices and payment links via WhatsApp and/or email. These communications are carried out through the WhatsApp Business Platform and are also governed by WhatsApp's and Meta's policies and terms.

The Professional is responsible for obtaining and retaining the prior consent (opt-in) of each Client for these communications. The Client may request to unsubscribe (opt-out) at any time, by replying with the unsubscribe keyword indicated in the message, using WhatsApp's options, or by requesting it from the Professional or Pacienty. Unsubscribing from reminders does not affect the essential notices of an active booking.

These communications are limited to the consultation relationship and do not constitute unsolicited advertising.

SEVENTH. INTEGRATIONS AND PROVIDERS (THIRD PARTIES)

To operate the Platform we rely on providers that process limited information on our behalf or as independent controllers, as applicable. The use of each integration is governed, in addition to this Policy, by the terms and privacy policies of the respective third party:

  • Cloud hosting services: secure hosting and storage of information.
  • Google (Google Calendar and Google Meet): calendar synchronization and video calls (see Clause Eight).
  • WhatsApp Business Platform and Meta: sending reminders and communications.
  • Mercado Pago and Flow: payment processing (only the data necessary for the transaction). Pacienty is not a banking entity nor an issuer or acquirer of payment methods.
  • Chilean Internal Revenue Service (SII): issuance of receipts and electronic documents.

These providers are contractually obligated to protect the information and to use it only for the specified purposes. Pacienty does not control third parties and will not be liable for their availability, changes or decisions.

EIGHTH. DATA OBTAINED FROM GOOGLE APIs (LIMITED USE)

When the Professional enables the integration with Google, Pacienty accesses certain data from their Google account through the Google APIs, with the Professional's prior authorization (OAuth), requesting only the minimum permissions (scopes) necessary for the visible features of calendar synchronization and creation of video call links (Google Meet).

Limited Use Disclosure. Pacienty's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In compliance with those requirements, the information obtained through the Google APIs:

  • is used exclusively to provide or improve features visible to the Professional within the Platform (calendar synchronization and video call links);
  • is not used or transferred to display advertising, including personalized, remarketing or interest-based advertising;
  • is not sold or transferred to data brokers, information resellers or other information providers;
  • is not used to train, tune or improve generalized artificial intelligence or machine learning models;
  • is not read by humans, except: (a) with the express consent of the Professional for specific data; (b) for security or compliance reasons; (c) where required by law; or (d) in aggregated and anonymized form for internal operations, in accordance with applicable regulations.

The Professional may revoke Pacienty's access to their Google account at any time, from the Platform's settings or from their Google account's permissions page (myaccount.google.com/permissions).

NINTH. HOW WE SHARE INFORMATION

9.1 We do not sell your information

We never sell, rent or trade the personal or health information of our users.

9.2 Service providers

We share limited information with the providers indicated in Clause Seven, only to the extent necessary to operate the Platform and under confidentiality and security obligations.

9.3 Legal requirements

We may disclose information when required by law, court order or valid legal process, or to protect the rights, safety or integrity of individuals or of the Platform.

9.4 Corporate reorganizations

In the event of a merger, acquisition or substantial sale of assets, the information may be transferred to the successor, maintaining the protections of this Policy.

TENTH. INTERNATIONAL DATA TRANSFERS

Data may be processed on servers located outside Chile (mainly in the United States, through technology providers). Any international transfer will be carried out in accordance with applicable regulations, to destinations that ensure an adequate level of protection or through valid clauses or other safeguard mechanisms, requiring providers to apply appropriate security and confidentiality measures.

ELEVENTH. INFORMATION SECURITY

We implement reasonable technical and organizational measures, including:

  • Encryption of data in transit and at rest (SSL/TLS).
  • Authentication and access control: only authorized personnel access the information, under confidentiality protocols.
  • Activity logs and monitoring.
  • Backups that are automatic and regular on secure infrastructure.

No system is completely infallible; we work continuously to maintain and improve these measures.

TWELFTH. DATA RETENTION

We retain Personal Data only for as long as necessary for the purposes described and in accordance with applicable legal periods:

  • Active account data: while the account remains active.
  • Health data (clinical records): according to applicable legal requirements, which may require retention for extended periods under Chilean regulations on clinical records. The deletion of this data is subject to such retention obligations and to the Professional's instructions in their capacity as Controller.
  • Billing and tax data: according to the periods required by tax regulations.
  • Deleted account data: once the relationship has ended and the export period has expired, we will delete or anonymize the information within a reasonable time, except for data whose retention is required by law (for example, health or tax data), which will be retained only for the corresponding legal period and then deleted or anonymized.
  • Backups: backups are retained for a limited period for recovery from accidental loss and are subject to the same security measures as active data.

THIRTEENTH. RIGHTS OF DATA SUBJECTS

Data subjects may exercise their rights of access, rectification, cancellation (erasure), objection and portability, and any others recognized by law.

  • When the data subject is a Client or Patient, requests concerning the data of the consultation must, as a general rule, be addressed to the Professional (Controller). The Client may also contact Pacienty, which may forward the request to the responsible Professional and facilitate its handling.
  • When the data subject is a Professional/User, with respect to their Account data, they may exercise their rights directly with Pacienty.

Consent. Consent, when it is the applicable legal basis, may be withdrawn at any time, without retroactive effect. The Professional is responsible for obtaining consent or having the appropriate legal basis with respect to their Clients.

Portability. We facilitate the export of data in standard formats to support migration to other platforms.

To exercise these rights, write to soporte@pacienty.com. We will respond within the periods established by law.

FOURTEENTH. DATA OF MINORS

The Platform is not intended for persons under 18 years of age to create accounts or manage bookings on their own, and we do not intentionally collect information from minors as users.

When the consultation is for a minor or a person without full legal capacity, the booking and the acceptance of the Terms must be carried out by their father, mother, legal representative or caregiver. The Professional is responsible for obtaining the consents and authorizations that the care of minors requires under the law.

FIFTEENTH. RESPONSIBILITIES OF THE PROFESSIONAL

As Controller of the processing of their Clients' data, the Professional is responsible for:

  • Obtaining consent or having the applicable legal basis, and informing their Clients about the processing of their data.
  • Obtaining and retaining the consent (opt-in) for communications via WhatsApp and/or email.
  • Maintaining the confidentiality of their access credentials.
  • Complying with applicable professional and ethical regulations, including Law No. 20,584 and the rules on clinical records and professional secrecy.
  • Immediately notifying Pacienty of any suspected security breach or unauthorized use.

SIXTEENTH. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to keep sessions active, remember preferences, measure usage and improve the experience. The user can manage cookies from their browser settings.

SEVENTEENTH. SECURITY INCIDENTS

In the event of a security incident affecting Personal Data, the parties undertake to inform each other as soon as reasonably possible, indicating the nature of the incident, the affected data, the potential impact and the measures adopted, and to comply with the notification obligations established by law before the authority and the data subjects.

EIGHTEENTH. CHANGES TO THIS POLICY

We may update this Privacy Policy. Significant changes will be notified through:

  • In-app notification;
  • Email to the registered address;
  • Prominent posting on the Platform.

The last updated date will always be visible at the beginning of the document.

NINETEENTH. GOVERNING LAW AND DISPUTE RESOLUTION

This Policy is governed by the laws of the Republic of Chile. Dispute resolution is subject to the provisions of the Terms and Conditions applicable to each type of user:

  • For Clients/Patients acting as consumers, the provisions of Law No. 19,496 apply, and they may turn to SERNAC and the competent courts.
  • For Professionals/Users, the dispute resolution mechanism provided in their Terms and Conditions will apply.

TWENTIETH. CONTACT

For questions, concerns or requests related to this Policy or the handling of your information:

  • Support, privacy and data protection: soporte@pacienty.com
  • Platform owner: PACIENTY SpA, RUT 78.230.531-K, a stock corporation incorporated under Chilean law.

Inquiries concerning a specific consultation must be addressed to the corresponding Professional.

At Pacienty we understand the sensitive nature of health information and we are committed to maintaining high standards of privacy and security. By accepting this Policy, you acknowledge that you have read and understood how Pacienty collects, uses, shares and protects your information.