Privacy policy
How ClinicAI handles data
We design AI automations for clinics with a privacy-first mindset. This page explains what data we collect, how we secure it, and how to reach us.
1. Data ownership
Patient data (PHI) remains on your infrastructure (EMR, shared drives, databases). We do not store PHI beyond the transient processing required to configure or troubleshoot your automations.
2. Information we collect
- Contact information submitted by email when you request a proposal.
- Operational metadata required to connect to your tools (API endpoints, calendar IDs, integration logs).
- Non-identifying usage metrics when explicitly enabled for troubleshooting.
3. Retention
Non-PHI operational data is retained only for the duration of the project and the 30-day hypercare window. Upon request, or after support concludes, we remove access tokens, logs, and related files from our systems.
4. Security
- Access is limited to authorised ClinicAI personnel under confidentiality agreements.
- Secrets are stored in encrypted vaults. We do not transmit credentials over unsecured channels.
- Deployments can run on your infrastructure; we remove staging environments after launch.
5. Your rights
You may request access, correction, or deletion of any personal data we hold. Email kerem@clinicai.clinic for privacy requests.