ClinixChat Privacy Policy
Effective Date: February 2, 2026
Last Updated: February 2, 2026
Introduction
Welcome to ClinixChat. We are committed to protecting your privacy and handling your personal health information with the highest standards of care, transparency, and security. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare communication platform.
ClinixChat is designed specifically for secure healthcare communication, and we understand the sensitive nature of the information you entrust to us. We comply with all applicable data protection laws, including HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), and other relevant healthcare privacy regulations.
By using ClinixChat, you agree to the terms outlined in this Privacy Policy. If you do not agree, please do not use our services.
1. Information We Collect
1.1 Account Information
When you create a ClinixChat account, we collect:
• Full name
• Email address
• Professional credentials (for healthcare providers)
• License numbers and verification information
• Organization or practice affiliation
• Phone number
• Job title and role
• Profile photograph (optional)
1.2 Health Information (Protected Health Information - PHI)
As a healthcare communication platform, ClinixChat may process Protected Health Information, including:
• Patient names and identifiers
• Medical record numbers
• Diagnoses and treatment information
• Prescription and medication data
• Test results and clinical notes
• Appointment and scheduling information
• Insurance and billing information
• Any other individually identifiable health information
Important: PHI is only accessible to authorized healthcare providers and staff involved in patient care. We implement strict access controls and encryption to protect this information.
1.3 Communication Data
We collect information from your use of our messaging platform:
• Message content (text, images, files, voice messages)
• Message metadata (timestamps, delivery status, read receipts)
• Video and audio call data
• File attachments and shared documents
• Group chat participation
• Channel memberships
1.4 Usage Information
We automatically collect certain information about how you use ClinixChat:
• Device information (model, operating system, unique identifiers)
• IP address and general location data
• Browser type and version
• Login times and session duration
• Features accessed and usage patterns
• Error logs and diagnostic data
• Performance metrics
1.5 Cookies and Tracking Technologies
We use cookies and similar technologies to:
• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze platform usage and performance
• Detect and prevent security threats
• Improve user experience
You can control cookie preferences through your browser settings, but disabling certain cookies may limit platform functionality.
2. How We Use Your Information
2.1 Primary Purposes
We use your information to:
• Provide secure healthcare communication services
• Facilitate patient care coordination
• Enable messaging between healthcare providers and patients
• Process and deliver notifications
• Verify professional credentials and identities
• Maintain platform security and integrity
• Prevent fraud and unauthorized access
2.2 Service Improvement
We use aggregated, de-identified data to:
• Analyze platform performance and reliability
• Identify and fix technical issues
• Develop new features and functionality
• Conduct research on healthcare communication patterns
• Improve user interface and experience
2.3 Legal and Compliance
We may use your information to:
• Comply with legal obligations and regulations
• Respond to lawful requests from authorities
• Enforce our Terms of Service
• Protect our rights, property, and safety
• Investigate suspected violations or misconduct
2.4 Communication
We use your contact information to:
• Send service-related notifications
• Provide technical support
• Notify you of security updates
• Share important policy changes
• Respond to your inquiries
Note: We will never use your PHI for marketing purposes without your explicit consent.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process your data based on:
3.1 Contractual Necessity
Processing is necessary to provide ClinixChat services under our Terms of Service.
3.2 Legitimate Interests
We process data for legitimate business interests, including:
• Platform security and fraud prevention
• Service improvement and optimization
• Network and information security
• Business analytics and insights
3.3 Legal Obligation
We process data to comply with legal requirements, including healthcare regulations and data protection laws.
3.4 Consent
For certain processing activities (e.g., optional features, marketing communications), we obtain your explicit consent.
3.5 Vital Interests
In emergency situations, we may process data to protect life or health.
4. How We Share Your Information
4.1 Healthcare Providers and Staff
Within your organization or care team, authorized users may access relevant information to facilitate patient care. Access is strictly limited based on:
• Role-based permissions
• Need-to-know basis
• Direct involvement in care
• Organizational policies
4.2 Business Associates
We may share information with trusted third-party service providers who assist in operating ClinixChat:
• Cloud hosting providers
• Security and authentication services
• Customer support platforms
• Analytics providers
• Payment processors
All business associates sign HIPAA Business Associate Agreements (BAAs) and are contractually obligated to protect your information.
4.3 Legal Requirements
We may disclose information when legally required:
• Court orders and subpoenas
• Law enforcement requests with proper authority
• Public health reporting obligations
• Child or elder abuse reporting
• Communicable disease notification
• Medical examiner or coroner requests
4.4 Emergency Situations
In life-threatening emergencies, we may share necessary information with:
• Emergency medical services
• Hospital emergency departments
• Family members or emergency contacts (if appropriate)
4.5 With Your Consent
We may share information with third parties when you provide explicit authorization, such as:
• Sharing records with specialists
• Coordinating care with external providers
• Insurance verification
• Research participation (anonymized data)
4.6 What We Never Share
We will never:
• Sell your personal or health information
• Share PHI for marketing purposes without consent
• Provide data to unauthorized third parties
• Disclose information beyond legal requirements
5. Data Security
5.1 Encryption
ClinixChat implements industry-leading encryption:
• End-to-end encryption for all messages and calls
• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• Encrypted file storage and backups
5.2 Access Controls
We protect your information through:
• Multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Unique user credentials
• Automatic session timeouts
• Device and IP address monitoring
• Biometric authentication options
5.3 Technical Safeguards
Our security measures include:
• Firewall protection
• Intrusion detection and prevention systems
• Regular security audits and penetration testing
• Vulnerability scanning and patching
• Secure data centers with physical security
• Redundant systems and disaster recovery
5.4 Administrative Safeguards
We maintain:
• Comprehensive security policies and procedures
• Regular staff security training
• Incident response protocols
• Risk assessment programs
• HIPAA compliance officer oversight
• Third-party security certifications
5.5 Audit Trails
ClinixChat maintains detailed audit logs:
• User login and logout events
• Message access and viewing
• File downloads and sharing
• Configuration changes
• Security events and alerts
All logs are tamper-proof and retained per regulatory requirements.
5.6 Data Breach Response
In the event of a data breach:
• We will investigate immediately
• Affected users will be notified within 72 hours (GDPR) or as required by law
• Regulatory authorities will be informed as required
• We will take corrective action to prevent recurrence
• A detailed breach report will be provided
6. Data Retention
6.1 General Retention Periods
Data Type | Retention Period
Account information | Duration of account + 7 years
Message content | 7 years (healthcare standard)
Audit logs | 7 years (HIPAA requirement)
Technical logs | 90 days
PHI | Per organizational policy (minimum 7 years)
Billing records | 7 years
Table 1: Data retention periods by category
6.2 Legal Requirements
We retain data as required by:
• HIPAA regulations (minimum 6 years)
• State medical record laws (varies by jurisdiction)
• GDPR and data protection laws
• Contractual obligations
• Litigation hold requirements
6.3 Secure Deletion
When retention periods expire:
• Data is securely deleted using industry-standard methods
• Backups are purged according to retention schedules
• Physical media is destroyed when decommissioned
• Deletion is logged and documented
7. Your Privacy Rights
7.1 HIPAA Rights
Under HIPAA, you have the right to:
• Access your health information
• Request corrections to inaccurate information
• Request restrictions on certain uses and disclosures
• Request confidential communications through alternative means
• Receive an accounting of disclosures
• Obtain a copy of this Privacy Policy
• File a complaint if you believe your rights have been violated
7.2 GDPR Rights (EEA and UK Users)
You have the right to:
• Access your personal data
• Have inaccurate data rectified
• Have your data erased ("right to be forgotten") in certain circumstances
• Restrict processing of your data
• Receive your data in a portable format to transfer it elsewhere
• Object to processing based on legitimate interests
• Withdraw consent at any time
• Lodge a complaint with your supervisory authority
7.3 California Privacy Rights (CCPA/CPRA)
California residents have the right to:
• Know what personal information is collected
• Know if personal information is sold or disclosed
• Say no to the sale of personal information
• Access their personal information
• Request deletion of personal information
• Not be discriminated against for exercising privacy rights
7.4 How to Exercise Your Rights
To exercise any privacy rights:
• Email: privacy@clinixchat.com
• Phone: [Insert phone number]
• Mail: [Insert mailing address]
• In-app: Settings > Privacy > Data Rights Request
Response Time: We will respond to requests within 30 days (or as required by applicable law).
Verification: We may require identity verification to protect your information.
7.5 Account Management
You can manage your account and privacy settings:
• Update profile information
• Change notification preferences
• Control data sharing settings
• Enable/disable optional features
• Export your data
• Delete your account
8. International Data Transfers
8.1 Data Location
ClinixChat stores data in secure data centers located in [specify regions]. For international users, your data may be transferred to and processed in countries with different data protection laws.
8.2 Transfer Safeguards
We protect international data transfers through:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain jurisdictions
• Binding Corporate Rules
• Additional security measures and encryption
8.3 Your Rights
International transfers do not diminish your privacy rights. You can:
• Request information about transfer mechanisms
• Obtain copies of safeguards
• Object to transfers in certain circumstances
9. Children's Privacy
9.1 Age Requirements
ClinixChat is intended for healthcare professionals and adult patients. We do not knowingly collect information from children under 16 without parental consent.
9.2 Pediatric Patient Information
When healthcare providers use ClinixChat for pediatric patients:
• Parents or guardians must provide consent
• Minors may access their own records as permitted by law
• We comply with age-specific privacy regulations
• Additional safeguards protect pediatric information
9.3 If We Learn of Unauthorized Collection
If we discover we've collected information from a child without proper consent:
• We will delete the information immediately
• Parents will be notified
• Access will be restricted until proper authorization is obtained
10. Third-Party Services
10.1 External Links
ClinixChat may contain links to external websites or resources. We are not responsible for the privacy practices of third-party sites.
When you click an external link:
• You are leaving ClinixChat
• That website's privacy policy applies
• We recommend reviewing their privacy policies before sharing information
10.2 Integrations
ClinixChat may integrate with third-party services, such as:
• Electronic Health Record (EHR) systems
• Calendar and scheduling tools
• Video conferencing platforms
• Document storage services
• Single sign-on (SSO) providers
For all integrations:
• You grant permission to access specific data
• We access only the minimum necessary information
• HIPAA Business Associate Agreements are in place
• You can revoke access through account settings
• You should review the third party's privacy policy
10.3 Analytics and Performance
We use third-party analytics tools to improve ClinixChat. These tools:
• Do not access PHI or message content
• Receive only aggregated, de-identified usage data
• Are bound by strict confidentiality agreements
• Comply with HIPAA and GDPR requirements
11. Cookies and Tracking
11.1 Types of Cookies We Use
Cookie Type | Purpose | Duration
Essential | Authentication, security | Session
Functional | Preferences, settings | 1 year
Analytics | Usage patterns, performance | 2 years
Security | Fraud detection, monitoring | 90 days
Table 2: Cookie types and purposes
11.2 Managing Cookies
You can control cookies through:
• Browser settings (block all or specific cookies)
• ClinixChat cookie preferences
• Third-party opt-out tools
Note: Disabling essential cookies may prevent you from using ClinixChat.
11.3 Do Not Track
We respond to "Do Not Track" signals where technically feasible. However, some functionality may be limited.
12. Healthcare-Specific Disclosures
12.1 HIPAA Notice of Privacy Practices
This Privacy Policy serves as our HIPAA Notice of Privacy Practices for covered entities. We are required by law to:
• Maintain the privacy of PHI
• Provide notice of our legal duties and privacy practices
• Follow the terms of this notice currently in effect
• Notify affected individuals of breaches of unsecured PHI
12.2 Permitted Uses Without Authorization
We may use and disclose PHI without authorization for:
• Treatment - providing, coordinating, or managing healthcare
• Payment - billing and reimbursement activities
• Healthcare Operations - quality improvement, training, business planning
• Public Health Activities - disease reporting, vaccine information
• Health Oversight - audits, investigations, inspections
• Legal Proceedings - court orders, administrative proceedings
• Law Enforcement - identifying suspects, reporting crimes
• Coroners and Medical Examiners - death investigations
• Research - when approved by ethics board with waivers
• Serious Threats - preventing imminent harm
12.3 Minimum Necessary Standard
We limit PHI use and disclosure to the minimum necessary to accomplish the intended purpose, except when:
• Providing treatment
• Disclosure is to the patient
• Authorized by the patient
• Required by law
12.4 Business Associate Relationships
All third parties that access PHI on our behalf:
• Sign HIPAA Business Associate Agreements
• Agree to safeguard PHI
• Report any breaches or security incidents
• Return or destroy PHI when no longer needed
13. Changes to This Privacy Policy
13.1 Updates and Modifications
We may update this Privacy Policy to reflect:
• Changes in laws or regulations
• New features or services
• Evolving security practices
• User feedback and requests
13.2 Notification of Changes
When we make changes:
• Material changes: 30 days advance notice via email and in-app notification
• Minor changes: updated "Last Updated" date
• All changes posted at clinixchat.com/privacy
• Previous versions archived and available upon request
13.3 Your Continued Use
Continued use of ClinixChat after changes take effect constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may:
• Discontinue using ClinixChat
• Export your data before the change takes effect
• Contact us with concerns
14. Contact Information
14.1 Privacy Inquiries
For privacy questions or concerns:
Email: privacy@clinixchat.com
Phone: [Insert phone number]
Mail: [Insert mailing address]
Privacy Officer: [Name, Title]
14.2 Data Protection Officer (GDPR)
For EEA and UK users:
Email: dpo@clinixchat.com
Mail: [Insert EU representative address]
14.3 Security Issues
To report security vulnerabilities:
Email: security@clinixchat.com
Encrypted: [PGP key available at clinixchat.com/security]
14.4 Patient Support
For assistance with your account:
Email: support@clinixchat.com
Phone: [Insert support number]
Hours: Monday-Friday, 8 AM - 8 PM (your local time)
15. Regulatory Compliance
15.1 Certifications and Standards
ClinixChat maintains compliance with:
• HIPAA (Health Insurance Portability and Accountability Act)
• HITECH (Health Information Technology for Economic and Clinical Health Act)
• GDPR (General Data Protection Regulation)
• CCPA/CPRA (California Consumer Privacy Act)
• ISO 27001 (Information Security Management)
• SOC 2 Type II (Security, Availability, Confidentiality)
15.2 Regular Audits
We conduct:
• Annual HIPAA security risk assessments
• Third-party security audits
• Penetration testing and vulnerability assessments
• Compliance reviews and gap analyses
15.3 Filing Complaints
If you believe your privacy rights have been violated:
HHS Office for Civil Rights (OCR):
Phone: 1-800-368-1019
Website: hhs.gov/ocr/privacy
TDD: 1-800-537-7697
Your Local Data Protection Authority (for GDPR concerns)
Note: Filing a complaint will not result in retaliation or negative consequences for your care or service.
16. Definitions
Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form.
Covered Entity: Healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically.
Business Associate: A person or entity that performs functions involving PHI on behalf of a covered entity.
De-identified Data: Information that cannot be used to identify an individual, with all identifiers removed.
Breach: Unauthorized acquisition, access, use, or disclosure of PHI that compromises security or privacy.
Minimum Necessary: The smallest amount of PHI needed to accomplish a specific purpose.
Acknowledgment
By using ClinixChat, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You confirm that you have the authority to provide any personal or health information you share through the platform.
Thank you for trusting ClinixChat with your healthcare communications. Your privacy and security are our highest priorities.
Last Reviewed: February 2, 2026
Version: 1.0
Document Control: CLINIX-PRIVACY-2026-v1.0