Privacy Policy

We may collect the following types of information:

• Account information, including name, email address, phone number, login credentials, user role, organization, and account settings.
• Patient information, including demographics, medical history, appointment details, intake forms, encounter notes, lab results, prescriptions, insurance information, billing information, and related health information.
• Provider information, including name, credentials, NPI, license details, clinic association, schedule, and documentation activity.
• Payment information, including billing status, transaction identifiers, invoices, and payment history. We do not store full payment card numbers when payments are processed by third-party payment processors.
• Technical information, including IP address, browser type, device information, operating system, log data, cookies, and usage activity.
• Communications, including support requests, messages, reminders, notifications, consent records, and opt-in or opt-out preferences.

Some information processed through the platform may be Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”).

When we process PHI on behalf of a healthcare provider, clinic, or other covered entity, we do so as permitted by applicable agreements, including a Business Associate Agreement when required.

This Privacy Policy does not replace a healthcare provider's HIPAA Notice of Privacy Practices. Patients should contact their healthcare provider or clinic for questions about medical records, HIPAA rights, or provider-specific privacy practices.

We may use information to:

• Create, authenticate, and manage user accounts.
• Support telehealth visits and clinical workflows.
• Schedule appointments and send reminders.
• Allow providers and authorized clinic staff to document care and review patient records.
• Support patient intake, medical history, lab, pharmacy, prescription, payment, insurance, claims, SMS, email, and other enabled workflows.
• Provide customer support and respond to user requests.
• Improve platform performance, reliability, usability, and security.
• Maintain audit logs and comply with legal, contractual, regulatory, and operational obligations.
• Detect, investigate, and prevent fraud, misuse, security incidents, or unauthorized access.

We may share information with:

• Healthcare providers, clinics, administrators, and authorized staff involved in care or operations.
• Patients and authorized representatives, when permitted.
• Third-party service providers that support hosting, infrastructure, email, SMS, payments, laboratories, pharmacies, analytics, support, security, and other platform operations.
• Insurance, billing, laboratory, pharmacy, clearinghouse, claims, or other healthcare partners when enabled by the clinic or required for care, payment, or healthcare operations.
• Government, regulatory, legal, or law enforcement authorities when required by law or necessary to protect rights, safety, or security.
• Successor entities in connection with a merger, acquisition, financing, restructuring, or business transfer.

We do not sell PHI.

If users opt in or if notifications are otherwise permitted by law and platform settings, we may send appointment reminders, account notices, care-related notices, lab or result notifications, payment notices, support messages, and other service-related communications by SMS, email, in-app notification, or other channels.

Users may opt out of certain communications where applicable. Some operational or legally required messages may still be necessary for account administration, security, care delivery, or platform operation.

We may use cookies and similar technologies to:

• Keep users logged in.
• Secure and manage sessions.
• Remember preferences.
• Analyze usage.
• Improve platform performance and reliability.
• Help detect fraud or unauthorized activity.

Users may control cookies through browser settings, but disabling cookies may affect platform functionality.

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, use, disclosure, alteration, or destruction.

However, no system can be guaranteed completely secure. Users are responsible for maintaining the confidentiality of their login credentials and promptly reporting suspected unauthorized access.

We retain information for as long as necessary to provide services, comply with legal and regulatory obligations, support audit requirements, resolve disputes, enforce agreements, and maintain platform integrity.

Medical record retention may depend on the policies and legal obligations of the applicable healthcare provider or clinic.

Depending on user role, location, and applicable law, users may have rights to request access, correction, deletion, restriction, portability, or other control over certain personal information.

Requests involving patient medical records, PHI, or clinical documentation may need to be handled by the applicable healthcare provider or clinic.

The platform is not intended for independent use by children without involvement of a parent, guardian, authorized representative, or healthcare provider. Use involving minors must comply with applicable laws and clinic policies.

The platform may integrate with third-party services, including laboratories, pharmacies, payment processors, email providers, SMS providers, AI tools, insurance systems, claims systems, analytics tools, and hosting providers.

Third-party services may have their own privacy policies and terms. We are not responsible for privacy practices of third parties outside our control.

We may update this Privacy Policy from time to time. Updated versions will be posted in the app, on our website, or otherwise made available. The updated policy will indicate the effective date.