1. Introduction
Welcome to ClinicPulse ("we," "our," or "us"). ClinicPulse is a health and nutrition management platform designed for clinics and healthcare practitioners, accessible at clinicpulse.app. We are committed to protecting the privacy and security of all information processed through our platform, including sensitive health data.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the ClinicPulse platform, including our website, applications, and related services (collectively, the "Service"). Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
2.1 Account Information
When you register for a ClinicPulse account, we collect information necessary to create and manage your account, including:
- Full name and professional credentials
- Email address
- Phone number
- Password (stored in hashed form)
- Professional license information
- Billing and payment information
2.2 Clinic and Practitioner Information
If you register as a clinic or healthcare practitioner, we collect additional information related to your professional practice:
- Clinic name, address, and contact details
- Practitioner specialty and qualifications
- National Provider Identifier (NPI) or equivalent
- Practice type and size
- Staff member information and role assignments
2.3 Patient Health Data
ClinicPulse enables practitioners to manage patient health information. When practitioners use our platform, the following patient data may be stored:
- Patient demographics (name, date of birth, gender, contact information)
- Medical history and health conditions
- Health metrics (weight, height, BMI, blood pressure, lab results)
- Allergies and dietary restrictions
- Medication information
- Clinical notes and consultation records
- Treatment plans and progress notes
2.4 Nutrition and Meal Plan Data
Our platform collects and processes nutrition-related data to support meal planning and dietary management:
- Custom nutrition plans and dietary goals
- Meal plans and recipes
- Food preferences and restrictions
- Caloric and macronutrient targets
- Nutritional analysis results
- Dietary compliance and adherence data
2.5 AI Usage Data
When you use our AI-assisted features, including the AI medical assistant and AI-powered meal planning, we collect:
- Queries and prompts submitted to AI features
- AI-generated responses and recommendations
- Feedback on AI outputs (e.g., accepted, modified, or rejected suggestions)
- AI session metadata (timestamps, feature used, duration)
AI queries that reference patient data are processed in accordance with the same security and privacy controls applied to all patient health data. We do not use patient health data submitted through AI features to train or improve general-purpose AI models.
2.6 Usage and Analytics Data
We automatically collect certain information when you access or use the Service:
- Device information (browser type, operating system, device identifiers)
- IP address and approximate geographic location
- Pages visited and features used
- Date and time of access
- Referring URLs and search terms
- Performance data (page load times, errors, interaction patterns)
3. Health Data and HIPAA
ClinicPulse provides tools and features designed to assist healthcare practitioners in managing patient health information. We understand the critical importance of protecting health data and take our responsibilities seriously.
Important HIPAA Disclaimer
ClinicPulse is a technology platform that provides tools to support healthcare practitioners in their compliance efforts. ClinicPulse is not a covered entity under HIPAA and is not a business associate by default: it takes on business associate obligations only under an executed Business Associate Agreement (see Section 3.1). If you are a covered entity, HIPAA requires such an agreement to be in place before Protected Health Information is disclosed to a vendor, so do not enter PHI into the platform until one has been signed. Healthcare practitioners and clinics using our platform remain responsible for their own compliance with the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and any other applicable federal and state healthcare privacy laws.
While we implement robust security measures and privacy controls to support your compliance objectives, it is your responsibility as a healthcare provider to:
- Determine whether HIPAA applies to your use of the platform
- Ensure your use of the Service complies with HIPAA and all applicable regulations
- Obtain appropriate patient consent before entering patient information into the platform
- Implement appropriate administrative, physical, and technical safeguards within your practice
- Train your staff on proper use of the platform in accordance with HIPAA requirements
- Report any suspected security incident or breach involving the platform to us promptly (see Section 12), and fulfil your own breach notification obligations
3.1 Business Associate Agreement (BAA)
For practitioners and organizations that require a Business Associate Agreement, ClinicPulse offers a BAA as part of our Enterprise plan ($499/mo). The BAA outlines the specific obligations and responsibilities of both parties regarding the handling of Protected Health Information (PHI). If you believe you require a BAA for your use of ClinicPulse, please contact us at support@clinicpulse.app to discuss your needs and upgrade options.
3.2 Our Security Commitments
Regardless of plan level, we implement the following measures to support the protection of health data:
- Encryption of data at rest and in transit (AES-256, TLS 1.2+)
- Role-based access controls
- Audit logging of access to patient data
- Regular security assessments and penetration testing
- Employee security training and background checks
- Incident response procedures
4. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service: To operate the platform, manage accounts, process transactions, and deliver the features you request, including patient management, nutrition planning, and AI-assisted tools.
- Improve and personalize the Service: To understand how users interact with the platform, identify areas for improvement, and develop new features. We use aggregated and anonymized data for this purpose whenever possible.
- Communicate with you: To send account-related notifications, respond to inquiries, provide customer support, and send important updates about the Service.
- Process payments: To manage your subscription, process billing, and handle payment-related communications.
- Ensure security and prevent fraud: To protect the integrity of the platform, detect and prevent unauthorized access, and address security threats.
- Comply with legal obligations: To fulfill our legal and regulatory obligations, respond to lawful requests from authorities, and enforce our terms of service.
- AI feature improvement: To improve the accuracy and relevance of our AI-assisted features using anonymized and aggregated interaction data. We never use identifiable patient health data for AI model training.
5. Data Sharing and Disclosure
We do not sell your personal information or patient health data. We may share information in the following limited circumstances:
- Service providers: We work with trusted third-party providers who assist in operating the platform (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
- Within your organization: If you are part of a clinic or practice, information may be shared among authorized team members within your organization as configured by your clinic administrator.
- Legal requirements: We may disclose information if required to do so by law, in response to a valid subpoena, court order, or government request, or to protect the rights, property, or safety of ClinicPulse, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
- With your consent: We may share information with third parties when you have explicitly consented to such sharing.
6. Data Security
We implement comprehensive security measures to protect your information, including:
- Encryption at rest: All stored data, including patient health records and personal information, is encrypted using AES-256 encryption.
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Access controls: We enforce role-based access controls (RBAC) to ensure that only authorized personnel can access sensitive data, both within your organization and within our own operations.
- Audit logging: Access to patient data is logged and monitored for unauthorized activity.
- Infrastructure security: Our infrastructure is hosted on major cloud providers that hold SOC 2 Type II attestations for their own controls, and is protected by firewalls, intrusion detection systems, and regular vulnerability scanning. The provider's attestation covers the hosting platform; it is not a certification of the ClinicPulse application itself.
- Regular security testing: We conduct regular penetration testing and security audits to identify and remediate vulnerabilities.
While we strive to protect your information using commercially reasonable measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:
- Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for recovery.
- Patient health data: Retained in accordance with applicable healthcare record retention laws. Upon account termination, practitioners may export their data. After the export period (90 days), data is permanently deleted.
- Nutrition and meal plan data: Retained for the duration of your account and included in data export upon termination.
- AI interaction data: AI session logs are retained for up to 12 months to support quality improvement and then anonymized or deleted.
- Usage and analytics data: Retained in anonymized form for up to 24 months for product improvement.
- Billing and payment records: Retained as required by applicable tax and financial regulations (typically 7 years).
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to access: You may request a copy of the personal information we hold about you.
- Right to rectification: You may request that we correct inaccurate or incomplete personal information.
- Right to deletion: You may request that we delete your personal information, subject to legal retention requirements.
- Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing: You may request that we limit the processing of your personal information in certain circumstances.
- Right to object: You may object to the processing of your personal information for certain purposes, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact us at support@clinicpulse.app. We will respond to your request within 30 days. Please note that certain data may be exempt from deletion requests due to legal retention obligations, particularly healthcare records.
Regarding patient data: Patients whose data is managed by practitioners on ClinicPulse should direct privacy inquiries to their healthcare provider. We support practitioners in responding to such requests through our platform's data management and export tools.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service:
- Essential cookies: Required for authentication, session management, and core platform functionality. These cannot be disabled.
- Analytics cookies: Used to understand how users interact with the Service and to identify areas for improvement. You may opt out of analytics cookies through your browser settings or our cookie preferences panel.
- Preference cookies: Used to remember your settings and preferences (e.g., language, theme, layout choices).
We do not use advertising or third-party marketing cookies. ClinicPulse does not engage in cross-site tracking or sell user data to advertisers.
10. Children's Privacy
ClinicPulse is designed for use by licensed healthcare practitioners and clinic staff. The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal information from children. If you are a healthcare practitioner managing pediatric patient data on our platform, you are responsible for ensuring compliance with applicable laws regarding children's health information, including obtaining necessary parental or guardian consent.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@clinicpulse.app.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated policy on this page with a revised "Last updated" date
- Notify you by email or through an in-app notification if the changes are significant
- Provide at least 30 days' advance notice of changes affecting the handling of health data
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@clinicpulse.app.
For security-related concerns or to report a potential data breach, email support@clinicpulse.app with the subject line "Security Concern" for expedited review.