Privacy Policy

Home / Privacy Policy

Privacy Policy

CloudRX (CRX) — Prescription Writing Software
Effective Date: April 17, 2026
Bluedot Technology Ltd. (BTL) | 42, 43 Purana Paltan, Dhaka – 1000, Bangladesh

This Privacy Policy explains how Bluedot Technology Ltd. (“BTL”, “we”, “us”, or “our”) collects, uses, stores, and protects information through the CloudRX (CRX) platform. By using the Platform, you agree to the practices described in this Policy. This Policy forms part of and should be read together with our Terms and Conditions.


1. Information We Collect

As the operator of a clinical platform, we have access to the following categories of data that you and your colleagues enter into or generate through CloudRX:

  • Practitioner information: Name, medical registration number, clinic/hospital details, contact information, and login credentials.
  • Patient information: Name, age, gender, contact details, medical history, diagnoses, and other clinical details as entered by the treating practitioner.
  • Prescription data: Drug names, dosages, frequencies, instructions, and dates of issue.
  • Platform usage data: Login times, feature usage, session logs, device and browser information, and IP addresses.
  • Billing information: Subscription and payment records (payment card details are handled by our payment processor and are not stored on our servers).

We are transparent: all data you enter into the Platform is accessible to BTL for the purposes of operating, maintaining, securing, and improving the service.


2. How We Use Your Data

We use the data we collect solely for the following purposes:

  • Providing, operating, and improving the CloudRX service.
  • Authenticating users and maintaining account security.
  • Processing subscription payments and sending billing notifications.
  • Responding to support requests and resolving technical issues.
  • Complying with legal obligations, court orders, or lawful requests from government authorities.
  • Generating anonymised, aggregated analytics and reports to improve platform performance and healthcare insights (see Section 4).

3. No Sale or Disclosure of Patient Data

We do not sell, rent, share, or otherwise disclose patient data or personally identifiable prescription data to any third party, except:

  • As required by law: We may disclose information when compelled by a valid court order, subpoena, government directive, or any applicable provision of the Cyber Security Act (CSA) 2023 (Bangladesh) or other applicable legislation.
  • With your explicit consent: If you expressly authorise a specific disclosure in writing.
  • To trusted service providers: We may share data with sub-processors (e.g., cloud hosting providers) strictly for the purpose of operating the Platform, under binding confidentiality and data-processing agreements. These providers are not permitted to use your data for any other purpose.

Patient health information is treated as strictly confidential. We will always notify affected users of any mandated disclosure to the extent permitted by law.


4. Anonymised Data & Aggregated Analytics

BTL may use prescription and clinical data to generate analytics, trend reports, and platform-improvement insights. Any such use is subject to the following safeguards:

  • All data used for analytics is fully anonymised — individual patients and practitioners cannot be identified from any published or shared report.
  • Anonymisation is performed in compliance with applicable data-protection standards before any aggregation or analysis takes place.
  • Aggregated outputs do not constitute a disclosure of personal health information and do not violate applicable privacy or healthcare data laws.
  • No individual prescription or patient record is ever shared with a third party in an identifiable form for commercial or research purposes without explicit consent.

5. Data Storage & Security

We take the security of your data seriously and implement industry-standard technical and organisational measures, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Role-based access controls limiting internal access to authorised personnel only.
  • Regular security audits and vulnerability assessments.
  • Secure, redundant cloud infrastructure with access logging and monitoring.

In the event of a confirmed data breach that may affect your personal information, we will notify affected users within 72 hours of becoming aware, in accordance with applicable law.


6. Data Retention

We retain your data for as long as your account remains active or as necessary to provide our services. Upon account termination:

  • You may request an export of your data within 30 days of termination.
  • After the retention period, personal data is securely deleted or anonymised.
  • We may retain certain records for longer periods where required by law (e.g., audit trails, billing records).

7. Cookies & Platform Analytics

CloudRX uses essential cookies to maintain your session and ensure secure platform operation. We may also use analytics tools to monitor platform performance. These cookies do not track patients and do not store clinical data. You may configure your browser to refuse cookies, though this may affect platform functionality.


8. Your Rights

As a user of CloudRX, you have the right to:

  • Access and review the personal data we hold about you.
  • Request corrections to inaccurate or incomplete data.
  • Request deletion of your personal data, subject to legal retention obligations.
  • Object to or restrict certain processing activities.
  • Lodge a complaint with the relevant regulatory authority in Bangladesh.

To exercise any of these rights, please contact us at support@bluedot.ltd.


9. Third-Party Links

The Platform may contain links to third-party websites or services. BTL is not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.


10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-platform notification at least 14 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.


11. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the People’s Republic of Bangladesh, including the Cyber Security Act (CSA) 2023 and any applicable health data regulations. Disputes shall be subject to the exclusive jurisdiction of the courts in Dhaka, Bangladesh.


12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Bluedot Technology Ltd. (BTL)
42, 43 Purana Paltan, Dhaka – 1000, Bangladesh
Email: support@bluedot.ltd
Phone: +880 96 3877 7222
Website: https://crxbd.com