ClinicOS Privacy Policy

ClinicOS is a software platform

ClinicOS provides clinic operating software to health care organizations. ClinicOS is not the health care provider for patients who use a clinic portal powered by ClinicOS. When a clinic uses ClinicOS to manage patient information, the clinic controls the patient relationship and ClinicOS processes that information as a service provider or business associate under the applicable customer agreement and BAA.

Information we collect

• Business contact information from prospects, clinic owners, administrators, and authorized staff users.
• Account and authentication information, including names, email addresses, roles, organization memberships, session metadata, and security events.
• Customer configuration data, including clinic profile details, scheduling rules, forms, payment settings, integration settings, and workflow configuration.
• Support and implementation information that customers or staff users choose to provide when asking for help.
• Usage, device, log, and telemetry information needed to operate, secure, debug, improve, and audit the SaaS platform.
• Integration data from connected services, such as payment processors, communications providers, accounting tools, advertising platforms, and calendar or OAuth providers, when enabled by a clinic.

Customer data and PHI

ClinicOS may process protected health information or other regulated patient information on behalf of clinic customers. That data belongs to the clinic customer or its patients as defined by applicable law and contract. ClinicOS uses and discloses PHI only as permitted by the applicable customer agreement, BAA, clinic instructions, and law.

How we use information

• Provide, secure, maintain, troubleshoot, and improve ClinicOS.
• Create accounts, authenticate users, enforce permissions, and maintain audit records.
• Configure scheduling, billing, communications, automations, insights, and integrations selected by clinic customers.
• Respond to support, implementation, legal, security, and compliance requests.
• Detect, prevent, and investigate fraud, abuse, security incidents, policy violations, and operational errors.
• Meet legal, contractual, tax, accounting, and regulatory obligations.

Google API data

When a clinic connects Google APIs, ClinicOS uses Google user data only to provide the requested integration features, such as account connection, reporting, or synchronization. ClinicOS does not use Google user data for advertising, does not sell Google user data, and limits access to the minimum needed to provide and secure the integration.

Sharing and subprocessors

ClinicOS shares information with vendors and subprocessors that help provide hosting, database, storage, security, communications, payment, analytics, support, AI, and integration services. ClinicOS also shares information when directed by a clinic customer, required by law, needed to protect rights and security, or involved in a corporate transaction subject to appropriate protections.

Retention

ClinicOS retains SaaS account, support, audit, security, billing, and customer configuration records for as long as needed to provide the platform, meet contractual obligations, comply with law, resolve disputes, preserve auditability, and protect security. Clinic patient records and PHI retention are primarily controlled by the clinic customer and applicable law.

Your choices

Clinic customers and authorized staff users may request access, correction, export, or deletion of SaaS account information by contacting ClinicOS. Patient medical record and PHI requests should be directed to the treating clinic unless ClinicOS is legally required or contractually authorized to act on the clinic's behalf.

Contact

For ClinicOS privacy questions, SaaS account requests, or vendor due diligence, contact privacy@clinicos.com. If your request concerns patient care, medical records, billing, or a clinic portal account, contact the clinic that provides your care.