Home › Privacy Policy

Privacy Policy

Last updated: June 2026 · Version 1.0

1. Who We Are

Lurnel Clinic ("we", "the clinic", "the doctor") operates this digital health platform at clinic.lurnel.com. The treating doctor is a licensed physician registered with the Bangladesh Medical & Dental Council (BMDC).

2. What Data We Collect

  • Identity: Full name, date of birth, gender
  • Contact: Email address, mobile phone number
  • Clinical: Chief complaints, medical history, examination findings, diagnosis, prescriptions, test results — only information you provide or that is recorded during your consultation
  • Technical: IP address, browser type (for security audit logs only)

3. Why We Collect Your Data

  • To provide clinical consultation and treatment
  • To send appointment confirmations and video call links
  • To maintain your medical history for continuity of care
  • To generate invoices and receipts
  • To comply with legal and regulatory obligations

4. Your Consent

You give explicit consent when you check the consent box during booking or registration. This consent means:

  • The doctor may record and store relevant clinical findings in our secure database
  • This data will be used solely for your healthcare
  • You may withdraw consent at any time by contacting us (see Section 9)

5. How We Protect Your Data

  • Data is stored on encrypted servers hosted on AWS (Amazon Web Services)
  • All connections are encrypted using HTTPS/TLS
  • Access to clinical records is restricted to you and your treating doctor only
  • Passwords are stored as one-way cryptographic hashes (bcrypt)
  • Every data access is logged in an audit trail

6. We Will Never

  • Sell your personal or medical data to any third party
  • Share your data with advertisers or marketing companies
  • Use your data for research without separate, specific written consent
  • Transfer your data outside of your treating doctor's team without your permission

7. When We May Disclose Data

We will disclose your data only when:

  • Required by law: A court order, judge's warrant, or binding legal instruction from a competent authority
  • Notifiable diseases: Certain infectious diseases (e.g., cholera, COVID-19, tuberculosis) are required by Bangladeshi public health law to be reported to relevant government health authorities. We will report only the minimum information required by law
  • Medical emergency: Where there is immediate risk to your life or the life of others, limited information may be shared with emergency services

In all other circumstances, your data stays private.

8. Data Retention

Clinical records are retained for a minimum of 7 years after your last visit, in line with standard medical practice guidelines in Bangladesh. You may request deletion of non-clinical data (contact information) at any time. Clinical records cannot be deleted while they are required for treatment or legal purposes.

9. Your Rights

  • Access a copy of your stored data
  • Correct inaccurate information
  • Request deletion of non-clinical personal data
  • Withdraw consent (future data collection stops; past records may be retained per Section 8)
  • Request data portability in a standard format

To exercise any of these rights, email contact@lurnel.com with the subject "Data Request".

10. Cookies

This website uses only session cookies (essential for login and booking). We do not use advertising cookies, tracking pixels, or analytics services that share data with third parties.

11. Changes to This Policy

We may update this policy. If the update materially affects your rights, we will notify you by email before the change takes effect. The version and date at the top of this page always reflect the current policy.

12. Contact

For privacy questions: contact@lurnel.com or use the Contact Form.