Privacy Policy
Last updated: April 16, 2026
1. Introduction and Scope
ClarioScope AI, Inc. ("ClarioScope AI," "we," "us," or "our") is a healthcare practice growth platform headquartered in Miami, Florida. This Privacy Policy describes how we collect, use, disclose, retain, and protect information about you when you visit our website at clarioscope.ai, use our platform (including the diagnostic scan tool, growth dashboard, AI Receptionist, and related modules), or otherwise interact with us.
This Policy applies to all users of our public website and our client portal, including healthcare practice administrators, authorized staff members, and prospective clients who complete our free diagnostic scan. It does not apply to third-party websites or services linked from our platform. This Policy supplements — and does not replace — our Business Associate Agreement (BAA) and HIPAA Compliance Notice, which govern our handling of Protected Health Information (PHI).
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Services and contact us at privacy@clarioscope.ai to request deletion of any data we may have collected.
2. Information We Collect
2.1 Information You Provide Directly
We collect information you voluntarily provide to us, including through:
- Account registration: Name, email address, phone number, practice name, specialty, NPI number (optional), and password.
- Diagnostic scan: Practice website URL, physical address, Google Business Profile name, and self-reported operational details.
- Billing: Payment method details (processed by Stripe — we store only the last 4 digits and card type), billing address, and tax ID where applicable.
- Support communications: Messages, attachments, and call recordings submitted through our support channels.
- Marketing materials: Content, images, testimonials, and practice-specific information you upload or approve for use in campaigns.
2.2 Information Collected Automatically
When you access our website or platform, we automatically collect:
- Log data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
- Device information: Device type, screen resolution, and unique device identifiers.
- Usage data: Features used, clicks, navigation paths, session duration, and error events within the platform.
- Cookies and tracking technologies: See Section 8 for a full description of the cookies we use.
2.3 Protected Health Information (PHI)
PHI processed through our platform (e.g., via the AI Receptionist or appointment scheduling integrations) is governed by our Business Associate Agreement and applicable HIPAA regulations, not by this general Privacy Policy. We do not collect patient health information through our public website or standard diagnostic scan tool. Standard services operate without PHI.
SMS / Mobile Information (TCPA & A2P 10DLC)
ClarioScope Patient Messaging is the SMS program operated by Bralvio LLC (d/b/a ClarioScope). This section describes how mobile phone numbers and SMS opt-in consent data are handled, and supersedes any general data-sharing language elsewhere in this Policy with respect to SMS-related information.
No Sharing of Mobile Information
No mobile information (phone numbers) or SMS opt-in consent data will be shared with third parties or affiliates for marketing or promotional purposes. All other categories of personal information described in this Privacy Policy explicitly exclude text-messaging originator opt-in data and consent; this information is not shared with any third parties. Sharing with subprocessors is limited to operation of the SMS program itself (for example, Twilio, Inc. as our messaging carrier aggregator), and those subprocessors are contractually prohibited from using the data for their own marketing.
How End Users Opt In
Patients and prospective patients of healthcare practices using ClarioScope — and practice owners contacting ClarioScope directly — provide express prior consent before any SMS is sent, through one of three paths:
- Web form opt-in. A required, non-pre-checked SMS-consent checkbox shown adjacent to the phone-number field on a contact, booking, or diagnostic form (including on clarioscope.ai/contact and on the participating practice's own intake form). Submission is logged with the consent timestamp, IP address, form URL, and the verbatim consent text presented.
- Voice opt-in. When a patient calls the practice's AI receptionist, the agent verbally discloses "we'll text you a confirmation and any follow-up updates" and proceeds only after the caller affirmatively agrees. The recording, transcript, and consent timestamp are stored with the patient record.
- Inbound text opt-in. If a patient texts the practice's ClarioScope-managed number first (including keywords such as START, SUBSCRIBE, YES, JOIN, HELP), the system returns a confirmation message that establishes consent and offers an immediate opt-out reply.
Program Details
- Program name: ClarioScope Patient Messaging (operated by Bralvio LLC).
- Message types: appointment confirmations and reminders, missed-call text-back replies, insurance eligibility notifications, secure booking and rescheduling links, and conversational follow-up replies during patient inquiries.
- Message frequency varies and depends on the recipient's interactions with the practice — most recipients receive between 1 and 10 messages per month.
- Message and data rates may apply. Carrier rates apply to all SMS sent or received.
- Opt out: Reply STOP (or END, CANCEL, UNSUBSCRIBE, QUIT) to any message to unsubscribe immediately.
- Help: Reply HELP (or INFO) to any message to receive support contact information and a link to this Privacy Policy.
- Per-practice scope: Each opt-in is scoped to a single practice. ClarioScope never re-uses opt-in across practices and never imports third-party contact lists.
See our Terms of Service for the full SMS program terms, or contact privacy@clarioscope.ai with questions about the SMS program.
3. How We Use Your Information
3.1 Service Delivery
We use your information to provide, operate, maintain, and improve the ClarioScope AI platform, including generating diagnostic scan results, building practice growth dashboards, deploying marketing campaigns, managing reputation monitoring, and operating the AI Receptionist on your behalf.
3.2 Communication
We use your contact information to send transactional emails (account confirmations, billing receipts, password resets), service notifications, onboarding materials, campaign status updates, and responses to your support inquiries. These communications are necessary for the operation of your account and cannot be opted out of while your account is active.
3.3 Analytics and Platform Improvement
We analyze aggregated and de-identified usage data to understand how our platform is used, identify features that perform well or need improvement, benchmark practice growth metrics across our client base, and develop new capabilities. Individual clients are never identified in aggregate analyses shared externally.
3.4 Marketing Communications (HIPAA Marketing Compliance)
With your consent, we send educational content, product updates, case studies, and promotional offers relevant to practice growth. All marketing emails include a one-click unsubscribe link. We do not use PHI for marketing purposes without a valid HIPAA-compliant authorization from the affected individual. Healthcare marketing on behalf of our clients follows FTC endorsement guidelines and applicable state regulations.
3.5 Legal and Compliance
We may use your information to enforce our Terms of Service, comply with applicable laws and regulations, respond to legal process, protect our legal rights, detect and prevent fraud and security incidents, and resolve disputes.
3.6 What We Do NOT Do
- We do not sell your personal information to any third party.
- We do not use your data to train general-purpose AI models without your explicit consent.
- We do not share client data with competitors or industry aggregators.
- We do not use PHI for marketing or analytics without HIPAA-compliant authorization.
- We do not engage in automated decision-making that produces legal or similarly significant effects on individuals without human review.
4. Data Sharing and Third Parties
4.1 Service Providers
We share data with the following categories of third-party service providers who process data on our behalf under contractual obligations consistent with this Policy:
| Provider | Purpose | Data Shared |
|---|---|---|
| | Analytics, Ads, Maps, Business Profile API | Usage data, ad performance, location data |
| Stripe | Payment processing | Billing info, transaction data |
| SendGrid | Transactional & marketing email delivery | Email address, name, email content |
| AWS | Cloud hosting & infrastructure | All platform data (encrypted) |
| OpenAI | AI content generation, analysis | Practice-specific prompts (no PHI in standard services) |
| VAPI | AI voice call infrastructure (AI Receptionist) | Call audio, transcriptions (BAA required) |
| Google (Calendar + Meet) | Appointment scheduling and video meetings | Scheduling data (BAA required for PHI via Google Workspace) |
4.2 Legal Disclosures
We may disclose your information if required by law, court order, subpoena, or other governmental request; to comply with regulatory obligations; to protect the rights, property, or safety of ClarioScope AI, our clients, or the public; or to detect and prevent fraud or security incidents.
4.3 Business Transfers
In the event of a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy. We will provide thirty (30) days' prior notice to affected clients and obtain appropriate data transfer agreements.
4.4 Aggregated and De-identified Data
We may share aggregated, anonymized, and de-identified data (e.g., industry benchmarks, average new patient acquisition rates by specialty) that cannot reasonably be used to identify you or your practice. This data is not "personal information" under applicable privacy laws.
5. Data Retention
We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Policy, subject to the following retention schedules:
- Client account and service data: Retained for 7 years following the end of the service relationship, in accordance with HIPAA record retention requirements (45 C.F.R. § 164.530(j)) and applicable state laws.
- Analytics and usage data: Retained for 2 years from collection, after which it is aggregated or deleted.
- Prospect and lead data: Retained for 2 years from first contact or last engagement, whichever is later.
- Security and access logs: Security audit logs are retained for 6 years per HIPAA requirements. Application access logs are retained for 1–2 years.
- User-initiated deletion: Upon receipt of a verified deletion request, we will delete or anonymize your personal information within 30 days, except where retention is required by law or necessary to resolve a dispute or enforce our agreements. We will confirm deletion in writing.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information. We will respond to verified requests within thirty (30) days (or forty-five (45) days where an extension is permitted by law).
Access and Portability
You may request a copy of the personal information we hold about you in a structured, machine-readable format (e.g., JSON or CSV).
Correction
You may request that we correct inaccurate or incomplete personal information. For account data, you can update most information directly in your portal settings.
Deletion ("Right to be Forgotten")
You may request deletion of your personal information, subject to exceptions for legal obligations, legitimate business purposes, and ongoing contractual relationships.
Restriction of Processing
You may request that we restrict processing of your personal information in certain circumstances, such as while we verify the accuracy of disputed data.
CCPA Rights (California Residents)
California residents have the right to know what personal information is collected, used, shared, or sold; the right to opt out of the sale or sharing of personal information (we do not sell personal information); the right to non-discrimination for exercising CCPA rights; and the right to correct and delete personal information as described above. To submit a CCPA request, contact privacy@clarioscope.ai.
GDPR Rights (EEA/UK Residents)
If you are located in the European Economic Area or United Kingdom, you have rights under the GDPR including the right to access, rectify, erase, restrict, and object to processing, and the right to data portability. You also have the right to lodge a complaint with your local supervisory authority.
Marketing Opt-Out
You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email, replying STOP to any SMS communication, or managing preferences in your account settings.
Cookie Opt-Out
You may opt out of non-essential cookies via our cookie consent banner or through your browser settings. See Section 8 for details.
How to Exercise Your Rights
Submit requests to privacy@clarioscope.ai. We will verify your identity before processing your request. We may deny requests where we cannot verify your identity or where an exception applies; in such cases, we will explain the reason in writing.
7. Security Measures
We implement industry-standard and HIPAA-required security controls to protect your personal information against unauthorized access, disclosure, alteration, and destruction.
Encryption
AES-256 encryption for all data at rest. TLS 1.3 for all data in transit. Older protocol versions are disabled.
Access Controls
Role-based access control (RBAC) limits data access to authorized personnel. Multi-factor authentication (MFA) required for all admin and privileged access.
Infrastructure
Hosted on AWS infrastructure with SOC 2 Type II certification. Servers located in the United States.
Backup and Recovery
Automated encrypted backups with point-in-time recovery. Recovery procedures tested quarterly.
Workforce Training
All employees receive mandatory HIPAA and security training upon hire and annually thereafter, with documented completion records.
Incident Response
Documented breach notification procedures. Security incidents are investigated within 24 hours. Affected parties notified within 60 days per HIPAA requirements.
Third-Party Audits
Annual penetration testing and vulnerability scanning conducted by independent third-party security firms.
Limitations
No security system is impenetrable. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies (web beacons, pixels) on our website and platform. You can manage cookie preferences through our consent banner or your browser settings.
Essential Cookies
Required: Necessary for the platform to function (session management, authentication, CSRF protection, load balancing). Cannot be disabled.
Analytics Cookies
Optional: Help us understand how our website is used (Google Analytics, Hotjar). Data is anonymized where possible. You can opt out via our consent banner or Google Analytics opt-out extension.
Functional Cookies
Optional: Remember your preferences (language, timezone, dashboard layout). Improve your experience without tracking you across sites.
Marketing Cookies
Optional: Used to deliver relevant ads and measure ad effectiveness (Google Ads, Meta Pixel). You can opt out via our consent banner or through the Digital Advertising Alliance opt-out tool at optout.aboutads.info.
9. Marketing Communications and CAN-SPAM
All marketing communications from ClarioScope AI comply with the CAN-SPAM Act, TCPA (for SMS), and applicable state laws.
- Email: All marketing emails clearly identify ClarioScope AI as the sender, include our physical mailing address, and contain a functional one-click unsubscribe link. We honor unsubscribe requests within 10 business days.
- SMS: We only send SMS to individuals who have expressly consented. Reply STOP at any time to opt out. Message and data rates may apply.
- Push notifications: Browser push notifications require your explicit opt-in permission and can be revoked through your browser settings at any time.
- Preference center: Manage all communication preferences (email frequency, topic categories, SMS, push) in your account settings under "Notifications."
10. International Data Transfers
ClarioScope AI stores and processes all data on servers located in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the U.S., which may have data protection laws that differ from those in your country.
For transfers from the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards as required by applicable law. We will rely on adequacy decisions where available. By using our Services, you consent to your information being transferred to the U.S. as described in this Policy.
11. Children's Privacy
Our Services are not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 13, please contact us at privacy@clarioscope.ai.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will provide at least thirty (30) days' prior notice via email to the address associated with your account and by posting a prominent notice on our website. Non-material changes (e.g., clarifications, typographical corrections) will be effective immediately upon posting.
Each version of this Policy includes a "Last updated" date at the top. We maintain a version history available upon request. Your continued use of the Services following the notice period constitutes your acceptance of the updated Policy.
13. HIPAA Business Associate Agreement
For clients who use ClarioScope AI services that involve the handling of Protected Health Information (PHI), our Business Associate Agreement (BAA) governs our obligations as a HIPAA Business Associate and supersedes this Privacy Policy with respect to PHI. Clients using the AI Receptionist or appointment scheduling data integrations are required to execute a BAA prior to enabling those features. Please review the BAA and our HIPAA Compliance Notice for complete information on how we protect PHI.
14. Contact Information
Privacy Officer
For privacy questions, data rights requests, or to report a privacy concern:
privacy@clarioscope.ai
Data Protection Authority complaints may also be directed to your local supervisory authority (for EEA/UK residents).
Legal Department
For BAA requests, legal inquiries, or compliance questions:
legal@clarioscope.ai
ClarioScope AI, Inc.
1 SE 3rd Avenue, Suite 2000
Miami, FL 33131
United States
15. Acknowledgments and Compliance Framework
ClarioScope AI's privacy and data practices are designed to comply with the following regulatory frameworks. Our compliance program is reviewed and updated at least annually by our Privacy Officer and legal counsel.
HIPAA
Health Insurance Portability and Accountability Act (45 C.F.R. Parts 160 & 164)
HITECH
Health Information Technology for Economic and Clinical Health Act
CCPA/CPRA
California Consumer Privacy Act and California Privacy Rights Act
GDPR
General Data Protection Regulation (EU 2016/679)
CAN-SPAM
Controlling the Assault of Non-Solicited Pornography And Marketing Act
FTC Act
FTC Act Section 5 — Unfair or Deceptive Acts or Practices
