Privacy Policy

Last updated: May 5, 2026

1. Introduction

ClinicCue ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our patient queue management platform ("Service"). We are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable healthcare privacy regulations.

2. HIPAA Compliance

ClinicCue is designed to be used in healthcare environments and handles Protected Health Information (PHI). We implement administrative, physical, and technical safeguards as required by HIPAA, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls ensuring staff access only their office's data
  • Multi-tenant architecture with strict data isolation between offices
  • Audit logging of all data access and modifications
  • Automatic session management with configurable timeouts
  • Business Associate Agreements (BAAs) available upon request

3. Information We Collect

We collect information necessary to provide our patient queue management service:

  • Account Information: Name, email address, office name, and role (admin/staff)
  • Patient Information: Patient names, procedures, estimated durations, room assignments, appointment dates, and clinical notes entered by authorized staff
  • Usage Data: Login timestamps, session activity, and queue management actions for audit purposes
  • Technical Data: Browser type, device information, and IP addresses for security monitoring

4. How We Use Your Information

  • Providing and maintaining the patient queue management service
  • Authenticating users and enforcing access controls
  • Generating performance analytics for your office
  • Improving our service and user experience
  • Complying with legal and regulatory requirements

5. Data Sharing and Disclosure

We do not sell, rent, or share your personal information or PHI with third parties for marketing purposes. We may share data only:

  • With authorized members of your office as permitted by your admin
  • With our infrastructure providers under Business Associate Agreements
  • When required by law, regulation, or legal process
  • To protect the safety and security of our users and service

6. Data Security

We employ industry-standard security measures including encrypted data transmission, secure server infrastructure hosted on HIPAA-compliant cloud services (AWS), regular security assessments, and employee training on data handling procedures.

7. Data Retention

Patient queue data is retained in accordance with applicable healthcare record retention requirements. Office administrators may delete patient records as permitted by their organization's policies. Account information is retained for the duration of the service relationship.

8. Payment Information

Subscription payments are processed securely by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Important details regarding payment data:

  • We do not store, process, or have access to your full credit card number, CVV, or expiration date
  • Stripe handles all payment data in compliance with PCI-DSS standards
  • We store only a reference identifier (Stripe customer ID and subscription ID) to manage your subscription
  • Billing email and plan selection are stored in our system for account management
  • For Stripe's privacy practices, please review Stripe's Privacy Policy

9. Your Rights

You have the right to access, correct, or request deletion of your personal information. Office administrators can manage user accounts and patient data within their organization. For requests regarding PHI, please contact your healthcare provider directly.

10. Contact Us

For privacy-related inquiries, HIPAA compliance questions, or to request a Business Associate Agreement:

Email: info@cliniccue.com

Phone: (888) 799-2788