Privacy Policy

Last updated: July 9, 2026

This policy explains what data Quironex processes, why, whom we share it with, and what controls you have. Data controller: Quironex, operated by Carla Nominati (Rosario, Santa Fe, Argentina). Privacy contact: privacidad@quironex.com.

1. Data we process

Depending on how you use the Service, we process the following categories of data:

  • Account data: name, email, password (stored encrypted/hashed by our authentication provider), language, time zone, specialty, and phone.
  • Organization/clinic data: name, logo, country, tax ID, address, and website.
  • Clinical data uploaded by the professional: patient information, radiographic studies and images, measurements, appointments, treatment plans, clinical notes, and postural assessments.
  • Payment data: handled by the payment processors (see below). Quironex does not store your full card details.
  • Technical and usage data: information needed to operate the app securely (technical and security logs) and navigation analytics data.
  • Google data: only if you voluntarily connect your Google Calendar.

2. Sensitive health data

The patient data uploaded by the professional may include health data, considered "sensitive data" under Argentina Law 25.326 and subject to enhanced protection.

For this data, the professional acts as the data controller and Quironex as the processor, processing it solely on behalf of and under the instructions of the professional to provide the Service. The professional is responsible for having the consent and legal basis to process it. Quironex does not use clinical patient data for advertising or to train artificial intelligence models.

3. Why we use the data

  • To provide and operate the Service and its features.
  • To ensure security and prevent fraud and abuse.
  • To provide support and communicate with you about your account.
  • To comply with legal and accounting obligations.
  • To understand product usage and improve it (analytics, with your consent where applicable).

4. Legal basis

We process your data based on the performance of the contract (providing the Service), your consent (for example, for analytics cookies), our legitimate interest (security and product improvement), and compliance with legal obligations.

5. Cookies and analytics

We use PostHog as a product analytics tool to understand how the site and app are used (page views, clicks, and product events). On the public site, with your consent, PostHog may record navigation and capture usage sessions; this analytics does not collect clinical patient data.

On the public site we display a cookie notice: analytics and session recording are only enabled if you accept. You can reject them or change your choice at any time. Strictly necessary cookies required for operation do not require consent.

6. Payment processors

Payments are processed by third parties, not by Quironex. For international customers, Paddle.com Market Limited (Paddle) acts as the Merchant of Record and processes your payment data under its own privacy policy. For customers in Argentina, payments are processed through Mercado Pago, under its policy. Quironex receives transaction information (for example, payment status) from these providers to manage your subscription, but not your full card details.

7. Google Calendar integration

If you choose to connect your Google Calendar, Quironex creates and manages a dedicated calendar to reflect your appointments (one-way sync, Quironex → Google). We do not access your personal calendar or any other calendars. The full detail of the access, use, and Google Limited Use clause is in our Google-specific data policy:

8. Who we share data with

We do not sell your data. We share it only with providers acting as data processors on our behalf and with appropriate safeguards:

  • Supabase — database, authentication, and file storage.
  • Vercel — hosting of the site and app.
  • PostHog — product analytics (with your consent on the public site).
  • Resend — sending transactional emails.
  • Paddle and Mercado Pago — payment processing.
  • Google — only if you connect Google Calendar.
  • Authorities, where required by a legal obligation.

9. Quironex role (data processor)

With respect to your patients data, Quironex acts as the data processor: it processes it solely on behalf of and under the instructions of the professional (the controller), with reasonable security measures, without using it for its own purposes and without transferring it except as necessary to provide the Service or as required by law. With respect to your own account data and your use of the site, Quironex acts as the controller.

10. International transfers

Some of our providers process data on servers located outside your country. In those cases, we adopt appropriate safeguards to protect your data in accordance with applicable law.

11. Security

  • All communication travels encrypted via HTTPS/TLS.
  • Data is isolated per organization (multi-tenant), so each clinic only accesses its own information.
  • Sensitive information is stored with encryption at rest at our providers infrastructure level and with restricted access.

12. Security incident notification

If a security incident affecting personal data were to occur, we will take reasonable steps to contain it and, where required by applicable law, notify the affected controllers and/or the competent supervisory authority without undue delay.

13. Retention and deletion

We retain your data while your account is active and for as long as necessary to fulfill the described purposes and applicable legal obligations. You may request the export or deletion of your data by writing to privacidad@quironex.com; when you close your account, we delete or anonymize it unless we are legally required to retain it.

14. Your rights

In accordance with Argentina Personal Data Protection Law 25.326 and other applicable regulations, you may request to access, rectify, update, or delete your data, object to certain processing, and withdraw your consent. To exercise these rights, write to privacidad@quironex.com. You may also contact the competent supervisory authority (in Argentina, the Agency for Access to Public Information).

15. Minors

The Service is aimed at professionals; it is not intended for minors, and we do not knowingly collect their personal data as users.

16. Changes

We may update this policy to reflect changes in the Service or in regulations. We will update the "Last updated" date and communicate significant changes by appropriate means.

17. Contact

privacidad@quironex.com — Quironex, Rosario, Santa Fe, Argentina.

Related documents

© 2026 Quironex