Privacy Policy

How ClinicFlow collects, uses, and protects information.

Last updated: 1 May 2026

This Privacy Policy explains how ClinicFlow Inc. ("ClinicFlow", "we", "us") collects, uses, shares, and protects personal information when you use our website, applications, and services (collectively, the "Services").

We act as a data processor on behalf of healthcare provider tenants (each, a "Customer") for the patient health information they upload to ClinicFlow. We act as a data controller for account, billing, and website analytics data we collect directly from staff users and prospects.

1. Information we collect

From Customers (clinics) and their staff

  • Account info: name, work email, role, tenant subdomain.
  • Authentication metadata: hashed passwords, MFA secrets, SSO subject IDs.
  • Usage telemetry: pages visited, features used, error reports.
  • Billing info: company name, address, tax ID, last-4 of payment method (held by Stripe).

From patients (via Customers)

  • Identifiers: name, MRN, date of birth, contact details.
  • Clinical data: encounters, vitals, medical notes, lab results, prescriptions.
  • Documents the patient or staff uploads.
  • Messaging history with the clinic.

From visitors to our website

  • Browser type, IP address (truncated), referrer, pages viewed.
  • Cookies (see Cookie Policy).

2. How we use information

  • To provide and operate the Services.
  • To respond to support requests.
  • To send service announcements (security, billing, downtime).
  • To improve product reliability via aggregate analytics.
  • To meet legal obligations (tax, HIPAA, GDPR audit trails).

We do not use patient PHI to train AI models. We do not sell personal information.

3. Legal bases (GDPR)

  • Contract — providing the Services to Customers.
  • Legitimate interest — securing the platform, analytics.
  • Consent — marketing communications, optional cookies.
  • Legal obligation — tax records, audit logs.

4. Sharing & subprocessors

We share data only with subprocessors required to operate the Services. The current list is on the Subprocessors page. We notify Customers 30 days in advance of any new subprocessor.

5. International transfers

We host data in the region you select at signup (US, EU, or APAC). Cross-border transfers rely on Standard Contractual Clauses where applicable.

6. Retention

  • Account data: while your account is active, plus 30 days after cancellation.
  • PHI: per the Customer's retention policy and HIPAA's 6-year minimum for audit records.
  • Marketing logs: 90 days.

7. Your rights

You can request access, correction, deletion, restriction, portability, or objection at any time. Patients exercise these rights through their Customer (clinic); the clinic uses ClinicFlow's GDPR Art. 15/17/20 endpoints to fulfill them. Direct requests to [email protected].

8. Security

See our Security Practices for the full control list. Briefly: PHI encrypted at rest, TLS in transit, MFA available on all accounts, audit log on every PHI access, BAA gating on PHI-touching providers.

9. Children

The website is not intended for use by individuals under 16. The Services may store PHI about minors only when the Customer (clinic) is acting in their capacity as the minor's healthcare provider with appropriate consent.

10. Changes

We may update this Policy. Material changes are announced via email to account contacts at least 30 days before they take effect.

11. Contact

ClinicFlow Inc., 100 Mission St, San Francisco, CA 94105 — Data Protection Officer reachable at [email protected].