Privacy Policy

Introduction

Clinify ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare compliance platform and services.

As a healthcare technology provider, we comply with applicable data protection laws, including HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), and other relevant privacy regulations. This policy applies to all users of our platform, including healthcare providers, patients, and business partners.

By using Clinify, you consent to the practices described in this Privacy Policy. If you do not agree with our policies, please do not use our services.

Information We Collect

Personal Information

We collect information that identifies you as an individual, including:

  • Name, email address, phone number, and business contact details
  • Professional credentials and license information (for healthcare providers)
  • Billing and payment information
  • Account credentials and authentication data
  • Communication preferences and correspondence with our support team

Protected Health Information (PHI)

When you use our platform to manage patient care, we may process Protected Health Information as defined by HIPAA, including:

  • Patient demographic information
  • Medical records and treatment history
  • Prescription and medication data
  • Insurance and billing information
  • Clinical notes and consultation records

Technical and Usage Information

  • IP address, browser type, and device information
  • Usage data, feature interactions, and access logs
  • Cookies and similar tracking technologies
  • Performance metrics and error reports

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our healthcare compliance platform
  • Treatment and Care Coordination: To facilitate patient care, prescriptions, and clinical workflows
  • Compliance and Legal Obligations: To meet HIPAA, GDPR, and other regulatory requirements
  • Security and Fraud Prevention: To protect against unauthorized access and maintain data integrity
  • Analytics and Improvement: To understand usage patterns and enhance our services
  • Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance
  • Billing and Payments: To process transactions and manage subscriptions
  • Communications: To send service updates, security alerts, and important notices (we do not send marketing emails without your explicit consent)

We will not use or disclose your Protected Health Information without your authorization, except as permitted or required by law.

How We Share Your Information

We do not sell, rent, or trade your personal information or PHI. We may share information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share your information
  • Healthcare Operations: With other healthcare providers involved in your care, as permitted by HIPAA
  • Business Associates: With trusted third-party service providers who assist in operating our platform (all bound by HIPAA Business Associate Agreements)
  • Legal Requirements: When required by law, court order, or to comply with legal processes
  • Safety and Protection: To prevent fraud, protect rights and property, or ensure safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with continued privacy protections)

All third parties who receive your information are contractually obligated to maintain appropriate security measures and use the information only for specified purposes.

Data Security

We implement industry-leading security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Infrastructure Security: SOC 2 Type II certified infrastructure with regular security audits
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Backup and Recovery: Automated backups with disaster recovery protocols
  • Employee Training: Regular security and HIPAA compliance training for all staff
  • Vendor Management: Rigorous security assessments for all third-party providers

While we strive to protect your information, no system is completely secure. We encourage you to use strong passwords and report any suspected security issues immediately.

Your Privacy Rights

Depending on your location and applicable laws, you have the following rights:

  • Access: Request a copy of your personal information and PHI
  • Correction: Request corrections to inaccurate or incomplete information
  • Deletion: Request deletion of your information (subject to legal retention requirements)
  • Restriction: Request limitations on how we process your information
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw previously granted consent at any time
  • Accounting of Disclosures: Receive a list of PHI disclosures (as required by HIPAA)

To exercise these rights, please contact us using the information provided below. We will respond to your request within 30 days (or as required by applicable law). You have the right to file a complaint with relevant data protection authorities if you believe your privacy rights have been violated.

Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:

  • Account Information: Retained while your account is active and for up to 7 years after closure for legal and regulatory compliance
  • Protected Health Information: Retained for minimum periods required by HIPAA, state laws, and medical record retention requirements (typically 6-10 years)
  • Billing Records: Retained for 7 years to comply with tax and accounting regulations
  • Technical Logs: Retained for 90 days to 2 years depending on log type and security requirements

After the retention period, we securely delete or anonymize your information using industry-standard methods. In some cases, we may retain anonymized data for analytical purposes.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand how our platform is used:

  • Essential Cookies: Required for authentication, security, and core platform functionality
  • Performance Cookies: Help us understand usage patterns and improve performance
  • Functional Cookies: Remember your preferences and settings

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality. We do not use third-party advertising cookies on our platform.

International Data Transfers

Clinify is based in [Your Location] and our infrastructure is primarily located in [Data Center Locations]. If you access our services from outside these regions, your information may be transferred internationally.

We ensure all international transfers comply with applicable data protection laws, including GDPR. We use Standard Contractual Clauses (SCCs) and other approved mechanisms to ensure your information receives adequate protection regardless of location.

For users in the European Economic Area (EEA), UK, or Switzerland, we implement appropriate safeguards to ensure your rights are protected during any international transfers.

Children's Privacy

Our services are designed for use by healthcare professionals and businesses, not for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us immediately.

Our platform may be used to manage healthcare records for pediatric patients, which is done under the authority and consent of parents or legal guardians through our healthcare provider clients.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notifications to registered users
  • Displaying prominent notices within our platform

Your continued use of our services after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@clinify.com

Data Protection Officer: dpo@clinify.com

Support: support@clinify.com

Phone: 1-800-CLINIFY

Mailing Address:
Clinify, Inc.
Privacy Compliance Department
[Your Address]
[City, State, ZIP]

For HIPAA-related complaints or concerns, you also have the right to contact the U.S. Department of Health and Human Services Office for Civil Rights.

Last Updated: January 19, 2026