CircleQCircleQ
Legal · PDPA

Privacy Policy

CircleQ places the highest priority on protecting your personal data — especially sensitive medical information. This document explains how we collect, use, and protect your data under Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

Effective: 1 May 2026Last updated: June 13, 2026
01

Introduction & Scope

CircleQ Co., Ltd. ("we") provides a cloud-based clinic and hospital management platform. This policy applies to all users — clinics, hospitals, staff, and patients using the Patient Portal.

02

Information We Collect

We collect four categories: (a) Account data — email, name, phone, role; (b) Clinic/organization data — business name, address, branches, finances; (c) Medical data — patient history, diagnoses, medication, lab results; (d) Usage data — access logs, IP, browser, device.

03

Purposes of Processing

To deliver the contracted service (store medical records, send LINE OA, issue receipts), improve the service (aggregated, de-identified analytics), comply with the law (retain records 5+ years per the Sanatorium Act), and maintain security.

04

Legal Bases

Under PDPA Section 24: (1) Consent — collecting sensitive patient data requires written consent; (2) Contract — data necessary to provide the service; (3) Legitimate interest — security logs, fraud prevention.

05

Disclosure to Third Parties

We disclose data only as necessary to: cloud providers (AWS/Cloudflare), AI provider (Anthropic — Zero Data Retention), payment provider (Omise), and regulators upon court order. We never sell your data.

06

Use of AI Services

The AI Clinical Assistant uses Anthropic's Claude with Zero-Data Retention — patient data is anonymized (names/IDs removed) before processing, results are returned without retention on the AI provider's side, and clinics can disable this feature.

07

Data Retention

Medical records: 5 years after last treatment per the Sanatorium Act · Financial/tax records: 10 years per the Accounting Act · User accounts: for the duration of service + 90 days after cancellation.

08

Your Rights

You have the right to access, correct, delete, object to, or restrict processing, plus the right to data portability and to withdraw consent at any time.

09

Security Measures

AES-256 encryption at rest and in transit (TLS 1.3) · audit logs for every access · Role-Based Access Control and Zero-Trust Architecture.

10

Cross-Border Transfers

Data is stored in Asia-Pacific data centers. Where cross-border processing occurs, we apply adequate safeguards as required by PDPA.

11

Cookies & Tracking

The website uses cookies for core functionality and analytics. See the Cookie Policy for details.

12

Minors

Where a patient is a minor, consent must be given by their legal guardian.

13

Changes to This Policy

We may update this policy from time to time and will notify you in advance of significant changes via in-app notification. Contact our Data Protection Officer (DPO): dpo@circleq.app

Ready to get started?

Start your 14-day free trial. No credit card required.

Get Started
Q

CircleQ

Flow smarter. Queue better.

Connect

Turn waiting chaos into smooth, organized service

CircleQ is an intelligent queue management platform for every service business — reduce crowding, boost efficiency, and elevate the customer experience from the first step

CircleQ© 2026 CircleQ. All rights reserved.