PostCare
Back

Privacy Policy

Last updated: February 2026

Introduction

OptimyCloud LLC ("PostCare", "we", "us") is committed to protecting the privacy of its users and their clients. This policy explains how we collect, use, and protect personal data in accordance with applicable data protection laws and the European General Data Protection Regulation (GDPR) for users located in the European Union.

Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, phone number of clinic professionals
  • Clinic information: clinic name, address, timezone
  • Client data: name, phone number, email (provided by clinics for aftercare messaging)
  • Health-related data: aftercare messages, concern reports, recovery photos submitted by clients
  • Usage data: login timestamps, feature usage (via Sentry for error tracking)

Purpose of Processing

Personal data is processed for the following purposes:

  • Providing the aftercare messaging service (contract performance)
  • Sending automated WhatsApp messages to clients on behalf of clinics
  • Managing concern reports and recovery tracking
  • Ensuring platform security and error monitoring

Legal Basis

  • Contract performance: processing necessary to provide the SaaS service to clinic professionals
  • Consent: client data is processed based on consent obtained by the clinic before enrollment
  • Legitimate interest: error monitoring and platform security

Data Recipients & Transfers

Your data may be processed by the following third-party services:

  • Supabase (database hosting) — Singapore/US
  • Twilio (WhatsApp messaging) — US
  • Resend (email delivery) — US
  • Sentry (error monitoring) — US
  • Cloudflare (security, captcha) — US
  • Anthropic (AI protocol analysis) — US

These providers maintain appropriate data protection standards. International data transfers outside the EU are conducted based on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection for your personal data.

Data Retention

Account data is retained for the duration of the service contract. Client aftercare data is retained for 12 months after the last message delivery. Photos submitted via concern reports are automatically deleted after 90 days. Data is deleted upon account closure or upon request.

Concern Report Photos

When a client submits a concern report, they may optionally upload photos to illustrate their concern. These photos are stored securely on our servers (Supabase Storage) and are only accessible to the clinic staff managing the concern ticket. Photos are automatically and permanently deleted after 90 days. Clients can request immediate deletion of their photos at any time by contacting their clinic or emailing us at contact@postcare.net. Photos are never shared with third parties, used for marketing purposes, or processed by AI systems.

Your Rights

Under applicable data protection laws and the GDPR (for EU residents), you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Restrict processing of your data
  • Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise these rights, contact us at: contact@postcare.net

Data Protection

For any questions regarding data protection, contact us at contact@postcare.net. Complaints may be addressed to the relevant Data Protection Authority, or for EU residents, to your local supervisory authority (e.g., CNIL in France: www.cnil.fr).

Cookies

PostCare uses essential cookies for authentication and session management. We also use Sentry for error tracking. No advertising cookies are used. See our cookie banner for more details.

9. WhatsApp Messaging & Health Data

PostCare facilitates the delivery of aftercare instructions defined by healthcare practitioners via WhatsApp. PostCare does not provide medical diagnosis, telemedicine, or health information services. All messages sent through the platform are practitioner-defined aftercare instructions, appointment reminders, and alert signals redirecting patients to their clinic or specialist. Client consent is obtained by the clinic prior to enrollment. Clients can opt out at any time by replying STOP or contacting their clinic directly.