Introduction
7Keys ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our communication infrastructure services.
We operate as a data processor on behalf of healthcare clinics (our customers), who are the data controllers. This policy covers both our direct data collection and our processing activities.
Key Principle: We collect only what's necessary, store only what's needed, and never sell your data.
Data We Collect
Information You Provide:
- Contact information (name, email, phone number)
- Clinic/business information
- Communication content (calls, messages, inquiries)
- Appointment and booking details
Automatically Collected:
- Device information (browser type, operating system)
- IP address and approximate location
- Usage data (pages visited, features used)
- Cookies and similar technologies (with consent)
We Do NOT Collect: Medical records, diagnoses, treatment plans, or any clinical health information. Our system is strictly operational.
How We Use Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide our services | Contact info, communications | Contract performance |
| Appointment management | Booking details, contact info | Contract performance |
| Customer support | Communications, usage data | Legitimate interest |
| Service improvement | Aggregated usage data | Legitimate interest |
| Marketing (with consent) | Contact info | Consent |
| Legal compliance | As required | Legal obligation |
Legal Basis for Processing
Under GDPR, we process personal data based on:
- Contract Performance: Processing necessary to fulfill our service agreement
- Legitimate Interest: Processing for business operations that don't override your rights
- Consent: Where you've given explicit permission (e.g., marketing)
- Legal Obligation: Where required by law
Data Sharing
We share data only with:
- Healthcare Clinics: Your data is shared with the clinic you're communicating with (they are the data controller)
- Service Providers: Cloud hosting (AWS), analytics, payment processors - all with DPAs in place
- Legal Requirements: When required by law or to protect rights and safety
We Never: Sell your personal data, share it for advertising purposes, or transfer it outside approved regions without adequate safeguards.
Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of service + 30 days | Service provision |
| Communication logs | As configured by clinic (default: 90 days) | Operational records |
| Appointment data | As configured by clinic (default: 2 years) | Business records |
| Analytics data | Aggregated indefinitely, personal: 26 months | Service improvement |
| Legal compliance data | As required by law | Legal obligation |
Your Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured format
- Objection: Object to processing based on legitimate interest
- Withdraw Consent: Revoke consent at any time
To exercise these rights, contact us at [email protected]. We respond within 30 days.
Security Measures
We protect your data with:
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Zero-trust access architecture
- 24/7 security monitoring
- Regular security audits
- Employee security training
For full security details, see our Security Documentation.