Institutional Definitions
To ensure high-fidelity communication, this protocol defines key entities within the Seiton ecosystem.
The Instance Owner
The legal entity or aesthetic practitioner who establishes and operates an instance of Seiton CRM.
PHI (Protected Health Information)
Sensitive clinical data relating to patient treatments, medical histories, and photographs.
Encryption-at-Rest
The protocol ensuring data is encrypted while stored on our medical-grade servers, using the AES-256 standard.
Data Sovereign
The end-user or patient to whom the specific data belongs or refers.
Data Collection Strategy
At Seiton, we adhere to the Principle of Data Minimization. We only collect the technical and institutional metadata absolutely necessary to facilitate the professional operations of your clinic.
Metadata
Name, institutional email, phone number, and professional billing coordinates.
Diagnostics
IP addresses, browser signatures, and system interaction logs for clinical auditing.
Financials
Stripe tokens for subscription management. No raw banking data is held on Seiton servers.
Processing Operations
Data processing within Seiton occurs strictly for the maintenance and enhancement of your clinical intelligence. We categorize these operations into:
- Functional Processing: Generating your clinical calendar, calculating staff commissions, and maintaining patient queues.
- Security Processing: Verifying identity via JWT (JSON Web Tokens) and enforcing RBAC (Role-Based Access Control) to prevent unauthorized PHI exposure.
- Audit Processing: Maintaining an immutable trail of system actions to assist in medical-legal disputes or regulatory audits.
Patient PHI Protocols
Institutional Processor Status
Seiton Intelligence Inc. acts strictly as a Data Processor. You, the Instance Owner, are the Data Controller. You retain full responsibility for the clinical legitimacy and patient consent required to store health data within our system.
Before & After Anonymity
Clinical photographs are stored in isolated, encrypted buckets. We recommend using the "Privacy Mask" feature built into the Seiton patient vault to obscure identifiable markers in shared clinical galleries.
Bank-Grade Security Matrix
Our security architecture is designed to withstand institutional-level threats. We utilize:
- End-to-End Encryption (E2EE): During clinical note submission, data is encrypted via TLS 1.3 before reaching our persistence layer.
- Multi-Region Redundancy: Data is synchronized across isolated cloud regions to ensure "High Availability" during critical clinical emergencies.
- Vulnerability Assessments: Continuous automated testing to identify and patch architectural weaknesses before they can be exploited.
Retention & Deletion
We preserve your data as long as your clinical instance remains active.
"When an instance is terminated, Seiton provides a 30-day clinical grace period for full data export. After this window, all institutional metadata and PHI are purged from our primary databases in accordance with institutional sanitization standards."
Your Legal Sovereignty
As an Institutional Partner, you and your patients have the following sovereign rights:
If you have institutional inquiries regarding our Privacy Protocol, please contact the Seiton Data Protection Office:
DPO: data-specialist@seiton-crm.com
Institutional Intelligence Headquarters • Silicon Valley | Amsterdam | Tokyo