Data Deletion Instructions

Effective date: May 16, 2026

1. Your right to delete

Under GDPR (EU), CCPA (California), the Israeli Privacy Protection Law, HIPAA (USA), and similar laws, you have the right to have your personal data deleted from Virtual Medical Assistant (VMA).

2. How to delete your data inside the app

If you are a doctor / clinic owner:

1. Open Virtual Medical Assistant (desktop or mobile).
2. Go to Settings → Reset clinic to permanently erase the whole clinic profile, patients, appointments, invoices and connections from our servers. You will be asked to confirm by SMS code.
3. To remove only your linked Cloud / Email / WhatsApp account (without deleting the clinic): Settings → Cloud & Email → click Disconnect on the connection. Then revoke the application in your provider's account at myaccount.google.com/permissions (for Google) or account.live.com/consent/manage (for Microsoft).
4. To remove just your WhatsApp Business connection: Settings → My WhatsApp Number → Disconnect.

If you are a patient of a clinic that uses Virtual Medical Assistant (VMA):

Contact your clinic directly and ask them to delete your record. The clinic is the data controller for patient data; we (the SaaS operator) process patient data on their behalf and cannot delete it without their request.

3. How to request deletion by email

If you cannot use the in-app option, send an email to emil.mamadov@projectlineil.com with subject «Data deletion request» and include:

• The email address or phone number associated with your Virtual Medical Assistant (VMA) account.
• (Optional) The clinic name if you are a clinic owner.
• A statement that you authorize the deletion.

We respond within 30 calendar days (GDPR Article 12(3)). The deletion is permanent and cannot be undone.

4. What gets deleted

• Clinic profile, doctor account, all patient records, appointments, invoices, prescriptions, attachments, audit log entries, voice-call metadata (calls are not recorded — no audio or transcript is stored).
• OAuth tokens, refresh tokens and API credentials stored on our servers for your linked accounts.
• Backup snapshots are deleted on the next backup rotation (within 30 days).

We retain HIPAA-required audit log entries for 6 years per §164.316(b)(2)(i) even after deletion — but these contain only the metadata required by law (action, timestamp, signature) and never raw patient data.

5. Third parties

If you also want your data deleted at our subprocessors (Microsoft Azure, OpenAI, Twilio, Meta WhatsApp Cloud API), tell us in your deletion request and we will forward the request to them. Their own deletion policies still apply.

6. Contact

Data protection contact: emil.mamadov@projectlineil.com — Project Line, Israel.