Privacy Policy

Last updated: December 2, 2025

1. Introduction

Welcome to ClinicHub ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinic management system.

By using ClinicHub, you agree to the collection and use of information in accordance with this policy. We comply with applicable data protection laws, including HIPAA (Health Insurance Portability and Accountability Act) in the United States and GDPR (General Data Protection Regulation) in the European Union.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Name, email address, phone number, and contact information
  • Account credentials and authentication information
  • Clinic and practice information
  • Billing and payment information

2.2 Protected Health Information (PHI)

As a healthcare management platform, we process PHI on behalf of healthcare providers. This includes:

  • Patient medical records and history
  • Clinical notes and diagnoses
  • Prescription information
  • Appointment and treatment records
  • Insurance and billing information

We act as a Business Associate under HIPAA and process PHI strictly in accordance with our Business Associate Agreement and applicable regulations.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and manage billing
  • Send appointment reminders and notifications (with your consent)
  • Comply with legal obligations and regulatory requirements
  • Detect and prevent fraud, abuse, and security threats
  • Respond to your inquiries and provide customer support

We do not use PHI for marketing purposes or share it with third parties except as described in this policy or as required by law.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: AES-256-GCM encryption for PHI fields at rest and in transit
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Audit Logging: Comprehensive audit trails for all data access and modifications
  • Network Security: Secure connections using TLS/SSL protocols
  • Regular Security Audits: Ongoing security assessments and vulnerability testing

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information or PHI. We may share information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist in operating our platform (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
  • With Your Consent: When you explicitly authorize us to share information

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes

To exercise these rights, please contact us at privacy@clinichub.com.

7. HIPAA Compliance

As a Business Associate, we:

  • Maintain appropriate administrative, physical, and technical safeguards
  • Report any security incidents or breaches as required by law
  • Ensure workforce members are trained on HIPAA requirements
  • Execute Business Associate Agreements with covered entities
  • Conduct regular risk assessments and security audits

8. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements

PHI is retained in accordance with applicable healthcare regulations, which may require retention for extended periods. Upon account termination, we will securely delete or anonymize data in accordance with our retention policies and legal requirements.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Data processing agreements with service providers
  • Compliance with applicable data protection laws

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or through our platform.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@clinichub.com

Data Protection Officer: dpo@clinichub.com