Data Protection & Retention Policy
CloudRX (CRX) — Prescription Writing Software
Effective Date: March 24, 2026
Bluedot Technology Ltd. (BTL) | 42, 43 Purana Paltan, Dhaka – 1000, Bangladesh
This Data Protection & Retention Policy (“Policy”) sets out how Bluedot Technology Ltd. (“BTL”, “we”, “us”, or “our”) collects, classifies, stores, protects, and ultimately deletes or anonymises personal and clinical data processed through the CloudRX (CRX) platform. This Policy should be read in conjunction with our Privacy Policy and Terms & Conditions, which are incorporated herein by reference.
CloudRX operates within the healthcare sector, a domain in which data carries the highest sensitivity. We therefore apply heightened standards of care consistent with applicable Bangladeshi law, internationally recognised health-data frameworks, and good clinical governance principles.
1. Purpose & Scope
This Policy applies to:
- All personal data relating to medical practitioners and their staff (“Practitioner Data”) processed through CloudRX.
- All personal health information relating to patients (“Patient Health Data”) entered into or generated by the Platform.
- All platform operational data, including logs, analytics, and billing records.
- Any third-party sub-processor that processes data on our behalf.
This Policy covers data in all forms and states: data at rest, data in transit, backups, archives, and any copies generated for operational or disaster-recovery purposes.
2. Legal Basis & Regulatory Framework
BTL processes personal and health data under the following legal bases and instruments:
- Contractual necessity: Processing required to deliver the CloudRX service under the subscription agreement with the Practitioner.
- Consent: Where processing is based on explicit, informed consent (e.g., optional features or research participation).
- Legal obligation: Where processing is required by applicable law, including but not limited to:
  - Cyber Security Act (CSA) 2023 (Bangladesh)
  - Digital Security Act 2018 (to the extent still applicable)
  - National Health Information System policies of the Directorate General of Health Services (DGHS), Bangladesh
  - Money Laundering Prevention (Amendment) Act 2015 and Bangladesh Financial Intelligence Unit (BFIU) guidance
- Legitimate interests: Platform security, fraud prevention, and service improvement, provided such interests do not override data subjects’ fundamental rights.
3. Data Classification
All data processed on the Platform is assigned to one of the following classification tiers, each carrying defined handling, access, and retention requirements:
| Classification | Description | Examples |
| --- | --- | --- |
| Tier 1 — Strictly Confidential | Highest sensitivity; access restricted to authorised system roles only. | Patient diagnoses, prescription details, medical history, investigation results, clinical notes. |
| Tier 2 — Confidential | Sensitive personal data; access limited to named account holders and designated team members. | Patient names, contact details, date of birth, practitioner BMDC registration numbers, login credentials (hashed). |
| Tier 3 — Internal | Operational data for platform management; accessible to authorised BTL staff only. | Platform logs, session records, feature-usage metrics, billing and subscription records, notification logs. |
| Tier 4 — Public / Anonymised | Data from which all identifying information has been irreversibly removed. | Aggregate statistical reports, anonymised prescription trend analytics. |
4. Categories of Personal Data Processed
4.1 Practitioner & Staff Data
- Full name, professional title, and BMDC (Bangladesh Medical & Dental Council) registration number.
- Clinic or hospital name, address, and contact information.
- Email address, mobile number, and account login credentials (passwords stored as salted cryptographic hashes; the plaintext password is never stored).
- Subscription and billing history; Balance Credit transaction records.
- Platform activity logs: login timestamps, IP addresses, device fingerprints, and feature interactions.
4.2 Patient Health Data (Tier 1 — Strictly Confidential)
- Patient name, age, sex, weight, and contact information as entered by the treating Practitioner.
- Chief complaints, history of present illness, past medical history, surgical history, family history, and social history.
- Diagnoses (ICD-coded and free text), investigation orders and results, and clinical notes.
- Prescriptions: drug names, formulations, dosages, frequencies, durations, and dispensing instructions.
- Appointment records, visit dates, and consultation histories.
- Any documents or images uploaded against a patient file.
Patient Health Data is the exclusive property of the treating Practitioner and the patient concerned. BTL processes this data solely as a data processor acting on the documented instructions of the Practitioner (the data controller). BTL does not access, use, or disclose Patient Health Data for any purpose other than operating and maintaining the Platform, unless required to do so by law.
4.3 Platform Operational Data
- Web server access logs, application error logs, and security event logs.
- SMS, email, and AI-service transaction records (containing message metadata but not full message body where avoidable).
- Payment gateway transaction references (no full payment-card numbers are stored on BTL systems).
5. Data Storage & Security Controls
BTL implements layered technical and organisational controls to protect all classified data:
5.1 Encryption & Data at Rest
- All data in transit between users’ devices and the Platform is protected by TLS 1.2 or higher.
- Data at rest (database, file storage, and backups) is protected by operating-system-level (full-disk) encryption on the server. BTL does not operate a separate application-level or database-level encryption layer independent of the host OS encryption.
- Direct server access is restricted to a small number of authorised BTL engineers via PKI-based (SSH key-pair) authentication. Password-based remote login is disabled at the OS level.
5.2 Access Controls
- Role-based access control (RBAC) is enforced at both application and infrastructure levels. Each user role is granted only the minimum privileges necessary for its function (principle of least privilege).
- Tier 1 (Strictly Confidential) data is accessible only to the Practitioner account that created it and any team members explicitly granted access by that Practitioner.
- BTL staff access to patient or practitioner data is limited to named, authorised personnel under documented procedures and is logged for audit purposes.
- Multi-factor authentication (MFA) is available and strongly recommended for all Practitioner accounts.
5.3 Infrastructure Security & Server Location
- The CloudRX server infrastructure is physically located in Bangladesh.
- Direct OS-level server access (SSH) is granted exclusively to a strictly limited number of authorised BTL engineers using PKI (public-key infrastructure) authentication. No password-based remote login is permitted.
- Network-level firewall rules restrict inbound and outbound connections to authorised services and ports only.
- System backups are taken at regular intervals and periodically tested for restorability.
5.4 Personnel & Organisational Controls
- All BTL personnel with access to personal or health data are subject to confidentiality agreements and receive data-protection training.
- Access privileges are reviewed regularly and revoked promptly upon role change or employment termination.
- A designated Data Protection Lead is responsible for overseeing compliance with this Policy.
5.5 Prescription QR Code & Direct Online View
Each prescription generated on CloudRX is assigned a unique, cryptographically random token, encoded in a QR code that is printed on the prescription. The QR code encodes a unique URL that allows the holder to view the prescription online.
- The QR code token is generated using a cryptographically secure random number generator and is not practically guessable or enumerable by brute force.
- Important limitation: Access to a prescription via its QR code URL is not separately authenticated or independently access-controlled. Any person who physically possesses the prescription — whether the patient, a pharmacist, or any other party — and scans or follows the QR code can view the prescription content online without any additional login or verification.
- Practitioners and patients should treat the printed or shared prescription document as a sensitive item. Forwarding or sharing the prescription (in physical or digital form) grants the recipient equivalent online access to its content.
- BTL logs QR-code-based access events (timestamp and IP address) for audit purposes but does not otherwise restrict access beyond possession of the valid token.
6. Data Retention Schedule
Data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following schedule governs standard retention periods:
| Data Category | Retention Period | Basis |
| --- | --- | --- |
| Patient Health Data (active account) | Retained for the duration of the active subscription. | Contractual necessity; clinical continuity. |
| Patient Health Data (post-termination) | 30 days after account termination for data-export window; then anonymised or securely deleted. | Data subject rights; regulatory good practice. |
| Prescriptions & Clinical Records | Minimum 5 years from date of last entry (or as required by the Bangladesh Medical Council or applicable health regulations, whichever is longer). | Legal / regulatory obligation; medico-legal requirements. |
| Practitioner Account & Profile Data | Duration of active account + 3 years post-closure. | Contractual; legal obligation (audit trails). |
| Billing & Financial Records | 7 years from the date of transaction. | Income Tax Ordinance 1984 (Bangladesh); financial audit requirements. |
| Platform Security & Access Logs | 1 year (rolled). | Legitimate interests; incident investigation. |
| SMS / Email / AI Transaction Metadata | 2 years from transaction date. | Billing disputes; BFIU compliance. |
| Anonymised Aggregate Analytics | Indefinite (no personal data present). | Anonymised data is outside the scope of data-protection restrictions. |
Retention periods may be extended where data is subject to an active legal hold, litigation, regulatory investigation, or dispute resolution process. In such cases, deletion will be deferred until the matter is resolved and we receive written confirmation that the hold is lifted.
7. Data Deletion & Anonymisation Procedures
At the end of the applicable retention period, personal data is disposed of using one of the following methods, depending on data classification and storage medium:
- Secure deletion: Electronic data is rendered unrecoverable either by cryptographic erasure (destruction of the encryption keys for encrypted volumes) or by a NIST SP 800-88 compliant purge procedure.
- Anonymisation: Where retention of statistical or aggregate insight is of legitimate value, all directly and indirectly identifying fields are irreversibly removed or pseudonymised to a degree that re-identification is not feasible, before the underlying personal data is deleted.
- Backup purging: Expired personal data is also purged from all backup and archive stores within the same retention window or at the next scheduled backup cycle, whichever is sooner.
All deletion actions are logged in an audit trail maintained by the Platform’s data-management system.
8. Data Breach Detection & Response
In the event of a suspected or confirmed personal data breach, BTL will:
- Activate its Incident Response Plan immediately upon detection.
- Contain and assess the scope and severity of the breach within 24 hours of detection.
- Notify affected Practitioner account holders within 72 hours of confirmation of the breach, where the breach is likely to result in a risk to their rights or the rights of their patients.
- Report to relevant Bangladeshi authorities (including BTRC/CIRT-Bangladesh or any designated regulatory body) within the timeframe prescribed by applicable law.
- Document the breach, its causes, affected records, and remediation actions in a formal Incident Register.
- Take corrective action to prevent recurrence and communicate outcome to affected users where appropriate.
Notification will include: a description of the nature of the breach, categories and approximate number of records involved, likely consequences, and measures taken or proposed to address the breach.
9. Data Subject Rights
Users of CloudRX (Practitioners) and, where applicable, patients whose data has been entered by a Practitioner, may exercise the following rights in respect of personal data we hold. Requests should be directed to support@bluedot.ltd:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of personal data, subject to legal retention requirements set out in Section 6.
- Right to data portability: Request an export of your data in a structured, commonly used, machine-readable format (JSON or CSV) within 30 days of a verified request.
- Right to restriction: Request that we restrict processing in certain circumstances (e.g., where accuracy is contested).
- Right to object: Object to processing based on legitimate interests, including any form of profiling.
We will respond to all verifiable requests within 30 days. Where a request is complex, or where requests are numerous, we may extend this by a further 30 days and will inform you accordingly. We may need to verify your identity before fulfilling a request. In cases where a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or decline the request, in accordance with applicable law.
Note: For Patient Health Data, the right of access by the patient is mediated through the treating Practitioner (as data controller). BTL, as data processor, redirects patient data requests to the responsible Practitioner.
10. Third-Party Sub-Processors & Service Providers
BTL engages the following categories of third-party service providers in the operation of CloudRX. Users should be aware of the specific data-sharing disclosures below:
10.1 AI Service Providers (Optional Feature)
CloudRX offers optional AI-assisted features for prescription writing, clinical summarisation, and report generation. When a Practitioner uses an AI feature for a prescription or clinical report, the relevant clinical content will be transmitted to one or more third-party AI API providers. The following providers may be used:
- Google Gemini (Google LLC, USA)
- Grok (xAI, USA)
- OpenAI (OpenAI, LLC, USA)
- Anthropic Claude (Anthropic, PBC, USA)
Before transmitting any clinical content to these providers, BTL applies the following anonymisation measures:
- Patient names and directly identifying fields are removed or replaced with neutral placeholders prior to transmission wherever technically feasible.
- For AI processing that involves uploaded documents or images (OCR-based input), BTL will make best-effort automated and manual anonymisation of identifying information; however, complete anonymisation of unstructured document content cannot be guaranteed in all cases.
- Practitioners are advised not to include unnecessary patient-identifying details in free-text fields when using AI features.
These AI providers are located outside Bangladesh. By using AI-assisted features, the Practitioner acknowledges and consents to this anonymised cross-border data transfer. AI features can be avoided entirely by not enabling them; no clinical data is sent to AI providers unless a Practitioner actively uses an AI feature for a given prescription or report.
BTL is not responsible for the independent data handling, retention, or privacy practices of these third-party AI providers beyond the scope of their published API policies and any applicable contractual terms.
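The placeholder-replacement step described above, as an added illustration in Python (not BTL's or CloudRX's own code): directly identifying fields are swapped for neutral placeholders, free-text fields are scrubbed of the same values, and a pre-send check confirms that no identifier survives in the outbound payload. The field names, the choice of which fields count as identifying, and the sample record are assumptions, not CloudRX's schema.

```python
import copy
import re
import secrets

# Assumed field names. Which fields are "directly identifying" follows the
# policy's Tier 2 examples (patient name, contact details, date of birth).
IDENTIFYING_FIELDS = ("name", "mobile", "email", "address", "date_of_birth")
# Free-text fields that may still carry a name or phone number.
FREE_TEXT_FIELDS = ("chief_complaint", "history", "clinical_notes", "diagnoses")


def anonymise_for_ai(record: dict) -> tuple[dict, dict]:
    """Return (outbound_payload, local_mapping).

    The payload is what leaves for the AI provider; the mapping
    (placeholder -> original value) stays on the local side only.
    """
    payload = copy.deepcopy(record)
    mapping: dict[str, str] = {}
    # Random per-request tag so placeholders cannot be correlated across calls.
    tag = secrets.token_hex(3)
    for field in IDENTIFYING_FIELDS:
        value = payload.get(field)
        if not value:
            continue
        placeholder = f"[{field.upper()}-{tag}]"
        mapping[placeholder] = str(value)
        payload[field] = placeholder
    name_tokens = [t for t in str(record.get("name", "")).split() if len(t) >= 3]
    for field in FREE_TEXT_FIELDS:
        text = payload.get(field)
        if not isinstance(text, str):
            continue
        # Replace whole identifier values, then any leftover name tokens.
        for placeholder, value in mapping.items():
            text = re.sub(re.escape(value), placeholder, text, flags=re.IGNORECASE)
        for token in name_tokens:
            text = re.sub(rf"\b{re.escape(token)}\b", "[NAME]", text, flags=re.IGNORECASE)
        payload[field] = text
    return payload, mapping


def leaks_identifiers(payload: dict, record: dict) -> list[str]:
    """Pre-transmission check: names of identifying fields whose original
    value still appears anywhere in the payload (empty list = safe to send)."""
    blob = repr(payload).lower()
    return [f for f in IDENTIFYING_FIELDS
            if record.get(f) and str(record[f]).lower() in blob]


# Constructed sample record; not real patient data.
SAMPLE_RECORD = {
    "name": "Abdul Rahim",
    "mobile": "01711000000",
    "date_of_birth": "1985-04-12",
    "age": 40, "sex": "M", "weight_kg": 72,
    "chief_complaint": "Abdul Rahim reports chest pain for 3 days; "
                       "call 01711000000 with results.",
    "diagnoses": "Unstable angina (I20.0)",
    "prescription": [{"drug": "Aspirin", "dose": "75 mg",
                      "frequency": "once daily", "duration": "30 days"}],
}
```

Clinical content (age, sex, weight, diagnosis, prescription lines) is left intact, since that is what the AI feature needs; the unstructured-document caveat in the policy still applies to anything this field-level scrub cannot see.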
10.2 SMS & Email Service Providers
CloudRX uses third-party SMS gateway and email delivery providers to send notifications, prescriptions, and communications to patients and Practitioners. Users should be aware of the following:
- SMS and email providers will necessarily have technical access to the content of messages transmitted through their platforms, which may include sensitive clinical or personal information (e.g., prescription reminders, appointment details).
- This access is outside BTL’s direct control. SMS and telecommunication services in Bangladesh operate under government regulation and are subject to lawful interception and monitoring under applicable telecommunications and security laws. BTL cannot prevent access to message content by the carrier or by authorities acting under lawful mandate.
- Practitioners should exercise discretion when configuring which information is included in automated SMS or email communications to patients.
11. Cross-Border Data Transfers
The CloudRX server infrastructure is located within Bangladesh. Personal and clinical data is stored and processed domestically as a matter of primary policy. However, the following operational activities involve cross-border data transfers:
- AI API calls: When the optional AI feature is used, anonymised clinical content is transmitted to AI service provider APIs operated by Google (USA), xAI (USA), OpenAI (USA), and Anthropic (USA), as described in Section 10.1. These transfers occur in real time at the point of AI feature use and are subject to the published data policies of the respective provider.
- Other service providers: Certain ancillary services (e.g., email delivery infrastructure) may route data through servers outside Bangladesh as part of normal internet routing. BTL selects providers subject to acceptable data-handling standards and, where applicable, contractual data-processing terms.
Practitioners who have concerns about cross-border AI data processing may choose not to use AI-assisted features. All core Platform functions (prescriptions, patient records, appointments) are processed and stored entirely on Bangladesh-based infrastructure.
12. Children’s Data & Paediatric Patients
The CloudRX practitioner-facing platform is restricted to adults aged 18 and over. However, Practitioners may enter clinical data relating to paediatric patients (children under 18) in the course of their practice. Such data is classified as Tier 1 (Strictly Confidential) and is processed solely on the documented instruction of the treating Practitioner, who bears responsibility for obtaining appropriate guardian consent where required by applicable laws and clinical governance standards.
13. Compliance, Audit & Governance
- This Policy is reviewed and updated at least annually, or immediately following a material change in the legal or regulatory landscape, a significant data breach, or a major change to the Platform’s architecture.
- Internal compliance audits against this Policy are conducted at least once per year.
- BTL maintains a Data Processing Register documenting all processing activities, legal bases, data flows, and retention periods.
- The designated Data Protection Lead is the primary point of contact for all data-protection matters and reports directly to BTL senior management.
14. Changes to This Policy
BTL reserves the right to update this Policy at any time to reflect changes in law, technology, or our practices. Where changes are material, we will notify registered Practitioner accounts via email or in-platform notification at least 14 days before the revised Policy takes effect. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy. If you do not agree with the changes, you must cease using the Platform and request an export of your data before the effective date.
15. Contact & Data Protection Enquiries
For any questions, concerns, or formal requests relating to data protection and retention, please contact our Data Protection Lead:
Data Protection Lead — Bluedot Technology Ltd. (BTL)
42, 43 Purana Paltan, Dhaka – 1000, Bangladesh
Email: support@bluedot.ltd
Phone: +880 96 3877 7222
Website: https://crxbd.com