Privacy Policy
Last updated:
This Privacy Policy explains how XLinic handles personal information when you use our HR operating system, web admin panels, and mobile applications (together, the “Service”). We comply with the Egyptian Personal Data Protection Law No. 151 of 2020 and draw on internationally recognised principles, including those reflected in the EU GDPR.
Two roles you should understand. XLinic acts as a data controller for the small set of information we receive directly to provide and run the Service (for example, your account credentials and billing details). For the much larger set of HR data that an employer enters about its workforce — salaries, attendance, leave, contracts, identification documents — XLinic acts as a data processor. The employer is the controller of that data and decides what is uploaded, who can see it, and how long it is retained. XLinic only stores and processes it as instructed by the employer.
1. Who we are
XLinic is an HR software-as-a-service platform that helps companies manage employee records, attendance, leave, payroll, and loans. For any privacy-related question, contact us at [email protected].
2. Information we receive
From you (when you create or use a XLinic account)
- Account credentials: name, email address, phone number, hashed password, optional two-factor authentication secret.
- Profile basics: avatar, role, branch, language preference.
From the subscribing employer (for billing)
- Organisation name, billing contact, tax ID.
- Subscription plan, billing cycle, payment method tokens. We do not store full card numbers; payment data is tokenised by our payment processor.
From your mobile device (only when you use the XLinic app)
- Device push token (Firebase Cloud Messaging), device model, OS version, app version, IP address, timezone.
- Geolocation captured at check-in / check-out only if your employer has enabled geofencing.
- Biometric authentication result (pass/fail only) — if you enable fingerprint or Face ID app unlock, your biometric template is stored and matched entirely within your device’s secure hardware enclave. XLinic only receives a pass/fail signal from the operating system and never stores or transmits biometric data.
Automatically (security and operations)
- Server logs — IP address, user-agent, request paths, timestamps — used for security, abuse prevention, and debugging.
- An audit log of significant actions inside your workspace (creations, updates, deletions).
3. HR data uploaded by employers
The Service is a platform that lets employers manage their workforce. Your employer enters or records information in XLinic — for example, your job title, salary, attendance check-ins, leave balances, contracts, and identification documents. XLinic does not actively collect this data; it is uploaded or generated by your employer in the course of using the Service, and XLinic stores and processes it strictly on the employer’s behalf as a data processor. Some employer-uploaded data (such as identification documents and financial records) may constitute sensitive personal data under Egyptian Law 151/2020, and XLinic applies technical and contractual measures appropriate to that classification.
If you are an employee, your employer is the controller of this data. Questions about your specific HR records (what is stored about you, who can see it, how long it is retained) should be directed to your employer’s HR team. We will support the employer in responding.
4. Why we process this information
- Performance of contract: to deliver the features the customer subscribed to.
- Legal obligation: issuing tax invoices and supporting employer compliance with Egyptian Labor Law, Social Insurance Law, and Tax Law.
- Legitimate interest: security monitoring, fraud detection, and product improvement using aggregated, non-identifying data.
- Consent: for optional product newsletters and marketing emails — you can withdraw at any time.
5. How long we keep information
- Employer-uploaded HR data: retained while the employer’s subscription is active and for the period required by the employer’s legal obligations under Egyptian Labor Law, Social Insurance Law, and Tax Law. The employer controls deletion through XLinic.
- User account data: personal data (name, email, phone, profile) is purged within 30 days of account deletion. Account identifiers are retained for up to 90 days for audit and dispute resolution, then deleted.
- Mobile push tokens, notification preferences: removed immediately on account deletion or device unregistration.
- Server logs: 90 days, except where a longer period is necessary for an open security incident.
6. Who we share information with
XLinic does not sell personal data. We share data only with vetted third-party processors who help us deliver the Service, and only to the extent necessary. Categories of subprocessor:
- Cloud hosting — hosts the application and the customer database.
- Push notifications — Google Firebase Cloud Messaging, used to deliver mobile push notifications.
- Transactional email — for account-related emails (password reset, alerts).
- SMS / WhatsApp — for OTP and operational notifications when enabled.
- Payment processing — for XLinic subscription billing only; no employee payroll data is sent to the payment processor.
Some of these subprocessors (notably Firebase/Google) operate outside Egypt. Data transferred internationally is encrypted in transit and protected by standard contractual clauses or equivalent safeguards recognised under Egyptian Law 151/2020 Art. 12.
7. How we keep information safe
- Encryption in transit (TLS 1.2+) and at rest (database and backup encryption).
- Per-employer database schema isolation: each company’s data lives in a separate PostgreSQL schema.
- Role-based access control with optional two-factor authentication.
- Rate limiting and brute-force protection on authentication endpoints.
- Audit logging of sensitive actions; security review of new releases.
In the event of a personal data breach, XLinic will notify the Personal Data Protection Centre (PDPC) and affected parties without undue delay in accordance with Egyptian Law 151/2020. To report a suspected security issue, contact [email protected].
8. Your rights
Under Egyptian Law 151/2020 and equivalent regimes you have rights of access, correction, deletion, restriction, portability, objection, and withdrawal of consent.
If you are an employee, requests about your HR records should generally go to your employer (the controller). Requests that concern XLinic directly — for example, deleting your mobile-app account — can be sent to [email protected]. If you are unable to reach your employer’s HR team, contact us directly and we will assist. We respond within 30 days and may ask you to verify your identity first.
9. Account deletion
Mobile-app users can delete their XLinic account from Settings → Account → Delete account. Confirmation requires re-entering your password. On confirmation:
- All active sessions and access tokens are revoked across every device.
- The account is marked as deleted and can no longer authenticate.
- Mobile push tokens and notification preferences are removed immediately.
- Personal data (name, email address, phone number, profile) is permanently purged within 30 days. Account identifiers may be retained for up to 90 days solely for audit and dispute resolution, after which they are deleted.
- HR records that relate to your employment (attendance, leave, payroll) are retained by your employer, which is the data controller and is bound by Egyptian labor and tax retention laws.
No mobile-app access? Email [email protected] and we will process the request manually.
10. Children’s data
XLinic is not directed at children under 18. We do not knowingly create accounts for minors. If you believe a minor has registered, contact us and we will remove the account.
11. Cookies & analytics
We use essential cookies (sign-in sessions, CSRF protection, language preference) across the platform. On our public marketing site (x-linic.com) we also use Google Analytics to understand how visitors find and use the site; this sets Google cookies and shares usage data such as pages visited, device type and approximate location with Google. We do not use analytics inside the admin panels, and analytics data is never linked to patient records. You can block analytics cookies in your browser or via Google’s opt-out tools without affecting the site; blocking essential cookies may break sign-in.
12. Facebook Messenger & Instagram Direct messaging
Some XLinic customers connect their official Facebook Page and Instagram Business account so their reception staff can reply to customer messages from a single inbox, alongside WhatsApp. When you message one of these connected accounts, the customer (the clinic or business operating that account) is the data controller for the conversation and XLinic acts as a data processor, storing and displaying the messages on the customer’s behalf. Our processing is consistent with Meta’s Platform Terms, Developer Policies, Messenger Platform Policy, and Instagram Messaging API Policy.
What we receive from Meta and store when you message a connected account:
- A platform identifier — a Page-Scoped User ID (PSID) for Messenger or an Instagram-Scoped User ID (IGSID). These are specific to the account you messaged and cannot be used to identify you on other Pages or apps.
- Your public profile basics — the display name, username (Instagram only), and profile picture associated with your Facebook or Instagram account. We cache a copy of the profile picture on our servers so the staff inbox continues to display it after Meta’s temporary image link expires.
- Message content — the text, images, audio, video, and files you send, together with timestamps, delivery and read receipts, reactions, and button/quick-reply selections.
- Messaging-window timing — we log when your last message arrived so staff replies stay within Meta’s 24-hour standard messaging window, as required by Meta’s Platform Policy.
12.1 Instagram-specific data
When you contact a connected Instagram Business account, we additionally receive and store the following Instagram-specific items so the inbox can render the conversation faithfully:
- Story mentions — if you @-mention the connected account in your Instagram Story, the mention event (with a temporary media URL) is delivered to us so staff can see and reply to the mention. We do not download or persist the Story media beyond the link Meta gives us.
- Shared posts and Reels — when you share a Reel or post into the DM thread, we store the Meta-supplied reference (post ID and caption excerpt) so the staff can see what you sent.
- Message reactions — emoji reactions you add to messages, anchored to the specific message-ID they apply to.
- Read receipts — Instagram delivers a read receipt keyed to a specific message-ID (not a watermark), and we mark only that message and earlier ones as read.
- Quick-reply selections — if you tap a quick-reply button, we receive its payload value (not the button title), used to route your reply inside the inbox.
Instagram conversations are stored under your Instagram-Scoped User ID (IGSID), which is unique to the account you contacted — it does NOT identify you on any other Page, app, or Instagram account.
Automated replies. If a connected account is configured to send any automated reply, you will be told at the start of the conversation that you are chatting with an automated assistant and that a human can take over, in compliance with Meta’s Messenger and Instagram automation-disclosure rules.
Retention. Messenger and Instagram conversation data follows the retention periods in section 5: personal data is purged within 30 days of a deletion request and identifiers are kept for up to 90 days for audit, after which they are deleted.
Deleting your messaging data. You can remove XLinic’s access from your Facebook settings (Settings & privacy → Settings → Apps and Websites) or your Instagram settings (Settings → Apps and Websites → Active). Doing so triggers our Data Deletion Callback at https://x-linic.com/api/meta/data-deletion, which permanently deletes the conversations linked to your PSID (Messenger) or IGSID (Instagram) across our systems and returns a confirmation code you can use to track the request. You can also email [email protected] to request deletion manually.
13. WhatsApp messaging
Many XLinic customers connect their own WhatsApp Business Account (WABA) so their reception staff can message patients — appointment reminders, invoice receipts, and free-form replies — through the clinic's own WhatsApp number. The customer (the clinic) is the data controller for these conversations and XLinic acts as a data processor.
What we store when you message, or are messaged by, a connected clinic on WhatsApp:
- Your phone number in international format, used as the WhatsApp address.
- Message content — the text, images, documents, audio, video, location and contact cards exchanged, plus any template variables filled in (e.g. your name, appointment date).
- Delivery + read status — sent / delivered / read / failed receipts per message.
- Messaging-window timing — we log when your last inbound message arrived so staff replies stay within WhatsApp's 24-hour customer-service window; outside it, only Meta-approved message templates are sent, as required by the WhatsApp Business Policy.
Consent. We only send WhatsApp messages to patients who have opted in (a per-patient WhatsApp consent flag), and you can withdraw consent at any time by replying to ask us to stop or by contacting the clinic.
Automated replies. If a clinic configures an automated reply, you are told at the start of the conversation that you are chatting with automation and how to reach a human.
Retention. WhatsApp conversation data follows the retention periods in section 5: personal data is purged within 30 days of a deletion request and identifiers are kept up to 90 days for audit, then deleted.
Deleting your WhatsApp data. Because WhatsApp is not a Facebook-login product, WhatsApp deletion requests are handled directly: email [email protected] (or ask the clinic) and we permanently delete the conversations tied to your phone number. (The Meta Data Deletion Callback at https://x-linic.com/api/meta/data-deletion covers Messenger and Instagram, which are Facebook-login based.)
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes are notified to active customer administrators by email at least 14 days in advance, and the date at the top of this page reflects the latest version.
15. Contact
- Privacy questions: [email protected]
- Security disclosures: [email protected]
- Data-subject requests: your employer’s HR team, or [email protected] if you cannot reach them