ClinicX LogoClinicX

Privacy Policy

Effective Date: May 13, 2026

Last Updated: May 13, 2026

ClinicX ("ClinicX," "we," "us," or "our") operates the website https://clinicx.io and provides a HIPAA-compliant healthcare software platform for clinics and healthcare professionals (the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect personal data, mobile information, and health information when you use ClinicX.

ClinicX is designed for healthcare professionals and clinics and follows HIPAA, GDPR, and industry-standard data protection principles.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you create an account, book a demo, fill out a contact form, engage with our advertising, or use the Service:

  • Full name
  • Email address
  • Mobile phone number (where provided)
  • Clinic or organization name
  • Profile information (such as role or clinic affiliation)
  • Authentication data when signing in using Google OAuth
  • SMS opt-in consent records (including timestamp, opt-in source, and method of consent)

1.2 Health & Appointment Information

ClinicX processes healthcare-related data strictly on behalf of clinics and authorized healthcare professionals, including:

  • Appointment details (date, time, duration)
  • Scheduling metadata
  • Non-diagnostic administrative notes related to appointments

ClinicX does not provide medical diagnosis or treatment and only processes data required for operational and scheduling purposes.

1.3 Google Calendar Data

If you connect your Google account, ClinicX may access:

  • Google account email and basic profile information
  • List of calendars selected by you
  • Calendar availability (free/busy information)
  • Calendar event details necessary for appointment synchronization

Calendar access is explicitly user-authorized and limited to the scopes approved during Google OAuth consent.

1.4 Automatically Collected Information

We automatically collect:

  • IP address
  • Browser and device information
  • Log data and usage analytics
  • Session identifiers and cookies

2. How We Use Information

ClinicX uses collected data solely to:

  • Provide secure appointment scheduling and calendar synchronization
  • Prevent double-booking and scheduling conflicts
  • Authenticate users and manage accounts
  • Synchronize appointments between ClinicX and connected calendars
  • Maintain platform security, auditability, and compliance
  • Provide customer support and service communications
  • Deliver SMS text messages that recipients have expressly opted in to receive (as described in Section 3 below)
  • Process verbal, written, and electronic opt-in consent records for regulatory compliance

We do not use personal data, mobile information, or calendar data for third-party advertising, profiling, or sale.

3. SMS and Text Messaging

ClinicX sends SMS text messages only to business contacts (clinic owners, administrators, and staff) who have provided express written or verbal consent through one of our designated opt-in channels described in Section 3.2 below.

3.1 Mobile Information We Collect for SMS

When you opt in to receive SMS messages from ClinicX, we collect:

  • Your mobile phone number
  • A record of your consent, including the timestamp, the opt-in channel (web form, lead ad, verbal opt-in, or contract), and the specific disclosure language shown or read to you at the time
  • Your SMS interaction history with ClinicX, including message delivery status, replies, opt-out requests, and HELP requests

3.2 How You Can Opt In

You may opt in to receive SMS messages from ClinicX through any of the following channels:

  • Completing the demo request form at https://clinicx.io/book-demo and selecting one or both unchecked SMS consent checkboxes
  • Submitting your information through a lead generation form served via ClinicX advertising on Meta, TikTok, or similar platforms, with the same separate optional consent checkboxes
  • Providing verbal consent during a recorded sales call after the ClinicX representative has read the required SMS disclosure script
  • Executing a ClinicX service agreement, which contains an explicit clause authorizing transactional and operational SMS communications related to your account

You may opt in to marketing messages, transactional messages, both, or neither. Marketing consent and non-marketing (transactional) consent are collected through separate, unchecked checkboxes that are never required for form submission.

3.3 Types of Messages You May Receive

After opting in, you may receive any of the following message types from ClinicX, depending on which consent you provided:

  • Sales follow-ups and demo confirmations or reminders
  • Onboarding instructions and progress updates for new customers
  • Account, billing, and service notifications
  • Customer support replies to inquiries you initiate

Message frequency varies and typically does not exceed 8 messages per month. Message and data rates may apply, depending on your wireless carrier plan.

3.4 Sharing of Mobile Information

No mobile information collected through SMS opt-in will be shared with third parties or affiliates for marketing or promotional purposes at any time. Mobile phone numbers, SMS consent records, and SMS opt-in data are used solely by ClinicX to deliver the messages you have opted into and to honor your opt-out requests.

Sharing of mobile information with subprocessors who support our SMS messaging services (such as our SMS delivery provider and our CRM platform) is permitted strictly for the purpose of delivering messages and maintaining consent records, and is bound by confidentiality and data protection obligations equivalent to those described in this Privacy Policy. SMS opt-in data and consent are excluded from all other categories of data sharing described elsewhere in this Privacy Policy.

3.5 How to Opt Out

You can opt out of ClinicX SMS messages at any time by replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to any ClinicX SMS message. Upon receipt, you will receive a single confirmation message and no further messages will be sent to your number. Your number will be added to our internal suppression list.

You may also request opt-out by emailing support@clinicx.io.

3.6 How to Get Help

Reply HELP to any ClinicX SMS message to receive support contact information, or email support@clinicx.io.

3.7 PHI and SMS

SMS is not a HIPAA-secure communication channel. ClinicX does not send Protected Health Information (PHI) via SMS and instructs all customers and staff not to transmit PHI through SMS. Messages sent through our SMS program are limited to business communications with clinic decision-makers and do not contain patient health information.

4. Google API Services Compliance

ClinicX's use and transfer of information received from Google APIs fully complies with the Google API Services User Data Policy, including Limited Use requirements.

Specifically:

  • Google Calendar data is used only to enable scheduling and synchronization features requested by the user
  • Data is not sold, rented, or shared with third parties for advertising purposes
  • Data is not used to train AI or machine learning models
  • Access is restricted to the minimum scopes required for core functionality
  • Users may revoke Google access at any time

5. HIPAA Compliance & Protected Health Information (PHI)

ClinicX is a HIPAA-compliant healthcare SaaS platform.

  • ClinicX acts as a Business Associate where applicable
  • All Protected Health Information (PHI) is processed solely on behalf of covered entities (clinics and healthcare providers)
  • PHI is accessed only by authorized users
  • Technical, administrative, and physical safeguards are implemented in accordance with HIPAA Security Rule requirements
  • Business Associate Agreements (BAAs) are available upon request

ClinicX does not sell, monetize, or repurpose PHI. PHI is never transmitted through SMS (see Section 3.7).

6. Legal Basis for Processing (GDPR)

For users in the UK and EU, ClinicX processes personal data under the following lawful bases:

  • Consent – when users connect Google accounts, opt in to SMS messages, or enable optional integrations
  • Contractual necessity – to provide the ClinicX Service
  • Legal obligation – compliance with healthcare and data protection laws
  • Legitimate interest – platform security, fraud prevention, and service improvement

7. Data Sharing & Disclosure

ClinicX does not sell personal data or mobile information.

Data may be shared only:

  • With infrastructure providers (secure cloud hosting, encrypted storage)
  • With subprocessors bound by confidentiality and data protection agreements
  • When required by law, court order, or regulatory authority
  • To protect the rights, safety, or security of ClinicX, clinics, or patients

All subprocessors are vetted for HIPAA and GDPR compliance.

Mobile information and SMS opt-in consent are excluded from all sharing except with subprocessors who directly support SMS delivery and consent recordkeeping, as described in Section 3.4.

8. Data Retention

  • Personal and calendar data is retained only for as long as necessary to provide the Service
  • Mobile phone numbers and SMS consent records are retained for the duration of your active relationship with ClinicX and for a reasonable period thereafter to demonstrate compliance with applicable regulations; opt-out records are retained indefinitely for suppression purposes
  • Calendar access tokens are revoked immediately when a user disconnects Google Calendar
  • Upon account termination, data is securely deleted in accordance with healthcare and telecommunications data retention requirements

9. Cookies & Tracking

ClinicX uses cookies and similar technologies strictly for:

  • Authentication and session management
  • Security and fraud prevention
  • Performance monitoring and reliability

ClinicX does not use third-party advertising cookies.

10. Data Security

ClinicX implements enterprise-grade security measures, including:

  • Encryption in transit and at rest
  • Role-based access control
  • Secure OAuth authentication
  • Audit logging and monitoring
  • Regular security reviews and vulnerability assessments

While no system is completely immune from risk, ClinicX follows industry best practices to protect user data.

11. Your Rights

Depending on jurisdiction, users may have the right to:

  • Access their personal data
  • Request correction of inaccurate information
  • Request deletion of personal data
  • Restrict or object to processing
  • Withdraw consent for integrations and SMS communications
  • File a complaint with a data protection authority

Requests can be made via the contact information below.

12. Children's Privacy

ClinicX is intended for use by licensed healthcare professionals and clinics only. ClinicX SMS messages are sent only to business contacts at U.S. clinics and are not directed to children.

We do not knowingly collect data from children under the age of 16, and we do not knowingly collect mobile phone numbers from anyone under the age of 18.

13. International Data Transfers

ClinicX may process data using secure infrastructure located in compliant jurisdictions.

All international data transfers are protected using appropriate safeguards consistent with GDPR and HIPAA requirements.

14. Contact Information

For privacy or data protection inquiries, contact:

ClinicX Privacy Team

Email: support@clinicx.io

Website: https://clinicx.io

15. Changes to This Privacy Policy

ClinicX may update this Privacy Policy from time to time.

Any changes will be published on this page and become effective immediately upon posting.

Decorative star
Decorative gear

Ready to Streamline Your Clinic?

Join thousands of healthcare professionals who have already transformed their practice.