Privacy Policy

Last Updated: 25/06/2025

CLINICORGANIZE ("we," "us," or "our") is committed to protecting your privacy and the confidentiality of healthcare data. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our clinic management platform ("Service"). By accessing or using our Service, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect the following types of information:

1.1 Information You Provide

  • Account Information: Name, email address, phone number, professional credentials, and billing details when you create an account.
  • Clinic Information: Clinic details, practitioner information, service offerings, schedules, and other operational data.
  • Patient Information: When entered by authorized clinic staff, may include patient demographics, appointment details, medical history, treatment plans, and billing information.

1.2 Automatically Collected Information
  • Usage Data: IP address, device type, browser type, operating system, and interaction data (e.g., pages viewed, features used).
  • Cookies: Small data files stored on your device to improve your experience (see Section 7 for more on cookies).

1.3 Third-Party Data
We may receive information from third-party services (e.g., payment processors, electronic health record systems, insurance verification services) that you connect with the Service. All such integrations are implemented with appropriate security and compliance measures.

2. How We Use Your Information

We use your information for the following purposes:

  1. Service Delivery: To provide, maintain, and improve the Service for clinic management.
  2. Customer Support: To respond to inquiries, troubleshoot issues, and provide assistance to clinics using our platform.
  3. Billing and Payments: To process payments, manage subscriptions, and facilitate billing operations for healthcare services.
  4. Analytics: To understand usage trends and enhance Service performance (using anonymized or aggregated data where appropriate).
  5. Platform Communications: To send essential updates, service notifications, and requested information.
  6. Marketing: To send updates, promotions, or other communications to non-patient email addresses only (you may opt out at any time).
  7. Legal Compliance: To comply with applicable laws and regulations, including healthcare-specific requirements.

Special Note on Patient Data: Patient information is used solely for the provision of healthcare services as directed by the healthcare providers using our platform. We function as a business associate to covered entities under applicable healthcare privacy laws.

3. Sharing of Information

We do not sell your personal information or patient data under any circumstances. We may share your data in the following cases:

3.1 Service Providers
With trusted third-party vendors who assist us with Service delivery, such as payment processors, hosting providers, or analytics platforms. All service providers that may access protected health information are bound by appropriate Business Associate Agreements (BAAs).

3.2 Clinic Instructions
We process patient data as instructed by the healthcare provider using our platform. This may include sharing with authorized third parties (labs, insurance companies, referral specialists) as directed by the clinic.

3.3 Legal Obligations
If required by law, court order, or governmental regulation, including healthcare reporting requirements.

3.4 Business Transactions
In connection with a merger, sale, or transfer of all or part of our business, with appropriate safeguards for data security and confidentiality.

4. Data Retention

We retain your data in accordance with applicable laws and regulations:

  • Account and Clinic Information: Retained for the duration of your use of our Service plus a reasonable period thereafter for backups, archiving, and legal purposes.
  • Patient Information: Retained according to applicable healthcare records retention laws (typically 7-10 years, or as required by local regulations) unless otherwise directed by the healthcare provider.
  • Financial Records: Retained as required by tax and accounting regulations.

Healthcare providers using our platform should consult their own legal advisors regarding appropriate retention periods for medical records in their jurisdiction.

5. Data Security

We implement comprehensive security measures designed to protect healthcare data, including:

  • End-to-end encryption for data transmission
  • Advanced encryption for data at rest
  • Role-based access controls
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Employee security training
  • Physical and technical safeguards for our infrastructure
  • Continuous monitoring for unauthorized access attempts

While we implement extensive security measures aligned with healthcare industry standards, no system is completely secure, and we cannot guarantee absolute security.

6. Your Rights

Depending on your location and role (clinic administrator, practitioner, or patient), you may have different rights regarding your data:

6.1 For Clinic Administrators and Staff

  1. Access: Request a copy of the personal data we hold about you.
  2. Correction: Request corrections to inaccurate or incomplete information.
  3. Deletion: Request the deletion of your account data (subject to legal or contractual obligations).
  4. Portability: Request your data in a portable format.
  5. Opt-Out: Opt out of marketing communications.

6.2 For Patients

Patient rights are primarily managed by the healthcare provider (the clinic). Patients should contact their healthcare provider directly to exercise their rights regarding their health information. However, in certain jurisdictions, we may facilitate such requests in coordination with the healthcare provider.

6.3 Additional Rights in Specific Regions

  • European Economic Area (GDPR): Additional rights may include restriction of processing and objection to processing.
  • California (CCPA/CPRA): Additional rights regarding personal information disclosure and non-discrimination.
  • Other regions: Additional rights as provided by applicable local laws.

To exercise your rights as a clinic or staff member, contact us at [email protected]. For patient data requests, please contact your healthcare provider directly.

7. Cookies and Tracking Technologies

CLINICORGANIZE uses cookies and similar tracking technologies to:

  1. Enhance your user experience and maintain secure sessions.
  2. Analyze Service usage through anonymized and aggregated data.
  3. Improve platform performance and functionality.
  4. Deliver relevant content and features.

Our use of cookies is designed to protect privacy in a healthcare context. For details about our cookie practices, please see our Cookie Policy.

8. International Data Transfers

If you are located outside the UK, your data may be transferred to and processed in a different country where data protection laws may differ. We implement appropriate safeguards for international data transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with appropriate safeguards
  • Limiting transfers to countries with adequate data protection as determined by applicable authorities
  • Additional measures as required for healthcare data under applicable laws

By using the Service, you acknowledge these transfers subject to the safeguards described.

9. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices, and we encourage you to review their policies.

9. Healthcare Compliance

As a provider of clinic management software, we maintain compliance with relevant healthcare privacy and security regulations, including:

  • HIPAA: For customers in the United States, we act as a Business Associate and comply with the Health Insurance Portability and Accountability Act.
  • GDPR: We adhere to General Data Protection Regulation requirements for healthcare data processing in the European Economic Area.
  • UK Data Protection Act: We maintain compliance with UK-specific healthcare data protection requirements.
  • Additional regulations: We monitor and implement compliance with other applicable regional healthcare privacy regulations.

Healthcare providers using our platform remain responsible for their own regulatory compliance. We provide tools designed to assist providers in meeting their compliance obligations but do not provide legal advice regarding regulatory requirements.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised "Last Updated" date. Significant changes will be communicated through the Service or via email.

For changes related to healthcare data processing, we will provide advance notice when possible and ensure continuing compliance with applicable regulations.

Continued use of the Service after policy changes constitutes acceptance of the updated terms.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: [email protected]
Phone: +44 7493 759798
Address: Old Sorting House, 46 Essex Rd, London, N1 8LN, UK

By using CLINICORGANIZE, you acknowledge that you have read and understood this Privacy Policy.