Privacy Policy

Last updated: April 2026

Our Commitment

Cliniq is built to handle sensitive medical scheduling data. We take that responsibility seriously. This policy explains exactly what we collect, how we use it, and the controls you have over your data and your patients' data.

Cliniq is built to align with HIPAA (where applicable), GDPR for users in the European Economic Area, and equivalent data-protection regulations. We never sell your data or your patients' data. Ever.

Data We Collect

Practice account data — when you register:

  • Name, email address, and phone number
  • Clinic name, address, and specialty
  • Billing information (processed via Stripe — we never store card numbers)
  • Profile photo (optional)

Patient booking data — entered by you or your patients:

  • Patient name, contact details, and appointment history
  • Appointment date, time, type, and status
  • Private notes you add to patient records (visible only to you)
  • Reminder delivery logs (sent / delivered / opened)

Usage and analytics data — collected automatically:

  • Pages visited, features used, and session duration
  • Device type, browser, and operating system (anonymised)
  • Error logs to help us diagnose and fix issues

How We Use Your Data

  • To operate and deliver the Cliniq service
  • To send appointment confirmation and reminder messages to your patients on your behalf
  • To process payments and issue receipts
  • To provide customer support
  • To send product updates and feature announcements (you can unsubscribe at any time)
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

We do not use patient data for advertising, profiling, or any purpose other than delivering the service you have contracted with us to provide.

Data Storage & Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Our infrastructure is hosted on SOC 2 Type II certified cloud providers with physical access controls, automated backups, and 99.9% uptime SLAs.

  • Patient records are logically isolated per practice account
  • Access logs are retained for 12 months for audit purposes
  • Passwords are hashed using bcrypt — we never store plaintext credentials
  • Two-factor authentication is available for all accounts

Data Sharing

We share data with a limited set of trusted sub-processors to operate the service:

  • Stripe — payment processing (PCI-DSS Level 1 certified)
  • Twilio — SMS reminder delivery
  • AWS / Google Cloud — infrastructure and storage
  • Postmark — transactional email delivery

All sub-processors are bound by data processing agreements and are prohibited from using your data for their own purposes. We do not share data with advertisers, data brokers, or analytics companies.

Data Ownership

You own your data. All practice data, patient records, and appointment history belong to you. Cliniq acts as a data processor on your behalf, not a data owner.

You can export a full copy of your data in CSV format at any time from your account settings. Upon account deletion, all data is permanently purged within 30 days.

Your Rights

  • Access — request a copy of all personal data we hold about you
  • Correction — ask us to correct inaccurate or incomplete data
  • Deletion — request permanent deletion of your account and all associated data
  • Portability — export your data in machine-readable format
  • Objection — opt out of any non-essential data processing

To exercise any of these rights, email us at privacy@cliniq.com. We respond within 30 days.

Cookies

Cliniq uses strictly necessary cookies for authentication and session management, and optional analytics cookies to improve the product. You can manage cookie preferences via the banner on your first visit. We do not use advertising or third-party tracking cookies.

Contact

Questions about this policy or a data request? Contact our privacy team at privacy@cliniq.com or write to Flexpart Vanta INC., 340 Pine St, Suite 800, San Francisco, CA 94104.
