Privacy Policy

We handle your data and your patients' health records with the highest standard of care. This policy explains exactly what we collect, why, and how we protect it.

Last updated: April 12, 2026

GDPR & HIPAA Aligned

Relatica is designed for healthcare providers. We follow the General Data Protection Regulation (GDPR), align with HIPAA best practices, and comply with national healthcare data laws in Cyprus and Greece. As a SaaS provider, we act as a Data Processor — your clinic remains the Data Controller.

Information We Collect

Account & Business Information

When you register for Relatica, we collect your name, email address, clinic name, business address, phone number, and billing details. This information is necessary to provide and maintain your account.

Patient Health Data

As a clinic management platform, Relatica stores patient records you enter — including names, contact details, medical history, treatment plans, appointment notes, and uploaded documents. You are the data controller of this information; we process it solely on your instructions.

Usage Data

We automatically collect information about how you interact with our platform: pages visited, features used, session duration, IP address, browser type, and device identifiers. This helps us improve the product and diagnose issues.

Communications

If you contact our support team or respond to our emails, we retain those communications to resolve your requests and improve our service quality.

How We Use Your Information

Service Delivery

We use your data to operate Relatica — processing appointments, generating invoices, sending automated patient reminders, and enabling all platform features you have subscribed to.

Security & Fraud Prevention

We analyze usage patterns to detect unauthorized access, prevent fraudulent activity, and protect the integrity of your clinic's data and your patients' health records.

Product Improvement

Aggregated and anonymized usage statistics help us understand which features are most valuable, prioritize development, and fix bugs. We never use individual patient data for this purpose.

Legal Compliance

We process data as required by applicable law, including tax regulations, healthcare data retention requirements in Cyprus, Greece, the EU (GDPR), and other jurisdictions where our customers operate.

Data Sharing & Third Parties

We Do Not Sell Your Data

Relatica does not sell, rent, or trade your personal information or your patients' health data to any third party for marketing or commercial purposes — ever.

Service Providers

We work with a limited set of trusted sub-processors (cloud infrastructure, email delivery, payment processing) who access only the data necessary to perform their specific service. All sub-processors are bound by data processing agreements consistent with GDPR requirements.

Legal Disclosure

We may disclose information if required by a court order, law enforcement request, or other valid legal process. We will notify you before complying unless prohibited by law.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and a prominent notice on our website at least 30 days before any such transfer.

Data Security

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Patient health records receive an additional layer of encryption before storage.

Access Controls

Access to production systems is restricted to authorized personnel on a need-to-know basis, enforced through multi-factor authentication, role-based permissions, and full audit logging.

Infrastructure

Relatica is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification, automated daily backups, and geo-redundant storage to ensure data availability and durability.

Incident Response

In the event of a data breach affecting your clinic or your patients, we will notify you within 72 hours as required by GDPR Article 33, and provide a full incident report within 30 days.

Your Rights

Access & Portability

You may request a full export of all data associated with your account and your patients at any time. We will deliver it in a machine-readable format (JSON/CSV) within 30 days.

Correction & Deletion

You can update your account information directly in the platform. You may also request deletion of your account and all associated data. Note that we may retain certain records for the period required by applicable law (typically 5–7 years for healthcare records).

Restriction & Objection

You have the right to restrict processing of your personal data or object to processing based on legitimate interests. To exercise these rights, contact us at the address below.

Withdraw Consent

Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Cookies & Tracking

Essential Cookies

We use strictly necessary cookies to keep you logged in and maintain your session. These cannot be disabled as the platform cannot function without them.

Analytics Cookies

With your consent, we use anonymized analytics to understand platform usage. We use Vercel Analytics, which does not use third-party cookies or cross-site tracking. You can opt out at any time in your account settings.

No Advertising Tracking

We do not use advertising cookies, pixel trackers, or any third-party behavioral profiling tools on the Relatica platform. Your clinic's operational data is never used for ad targeting.

International Transfers

Data Residency

By default, your data is stored within the European Economic Area (EEA) on servers located in the EU. We offer data residency options for customers in specific jurisdictions upon request.

Cross-Border Transfers

When we engage sub-processors outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or by relying on adequacy decisions.

Changes to This Policy

Notification of Changes

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you by email and post a notice on the platform at least 30 days before material changes take effect. Continued use of Relatica after that date constitutes acceptance of the updated policy.

Version History

Previous versions of this Privacy Policy are available upon request. We maintain a complete version history for audit and compliance purposes.

Contact & Data Requests

For any privacy-related questions, to exercise your data rights, or to reach our Data Protection Officer, please contact us. We respond to all requests within 72 hours.

Controller

Syntropic Wave Ltd.
Limassol, Cyprus

If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with your national data protection authority (e.g., the Office of the Commissioner for Personal Data Protection in Cyprus, or your local EU supervisory authority).