Privacy Policy

Effective date: Jun 30, 2024

Clear Health LLC
Effective Date: January 1, 2025

1. OVERVIEW

Clear Health LLC ("Company," "we," "us," or "our") operates the ClearDesk AI receptionist platform. This Privacy Policy explains how we collect, use, protect, and disclose information when you use our Services.

Our Commitment: We are committed to protecting your privacy and maintaining the security of all information entrusted to us, especially in healthcare environments where privacy is paramount.

2. INFORMATION WE COLLECT

2.1 Account and Business Information

When you create an account, we collect:

  • Business name, address, and contact details

  • Account holder name, email, and phone number

  • Business license information and professional credentials

  • Payment method and billing information

  • Integration credentials for phone systems and third-party services

2.2 Call Data and Voice Information

Through our AI receptionist services, we process:

  • Call Recordings: Audio recordings of calls handled by our AI

  • Call Transcriptions: Text versions of voice interactions

  • Call Metadata: Phone numbers, call duration, timestamps, call outcomes

  • Conversation Analytics: AI-generated summaries, sentiment analysis, and performance metrics

  • Caller Information: Names, contact details, and other information shared during calls

2.3 Technical and Usage Data

We automatically collect:

  • Device information and browser type

  • IP addresses and geographic location data

  • Service usage patterns and feature utilization

  • System performance and error logs

  • Security event logs and access patterns

2.4 Healthcare Information (When Applicable)

For healthcare customers, call data may include Protected Health Information (PHI) such as:

  • Patient names and contact information

  • Appointment details and scheduling information

  • Basic health-related inquiries (symptoms, appointment reasons)

  • Insurance information shared during calls

3. HOW WE USE YOUR INFORMATION

3.1 Service Delivery

  • Process and route incoming calls through AI receptionists

  • Generate call summaries and action items

  • Integrate with your calendar, CRM, and business systems

  • Provide real-time analytics and reporting

  • Deliver customer support and account management

3.2 AI Training and Improvement

  • Train and improve AI models using de-identified call data

  • Enhance natural language processing capabilities

  • Develop new features and service improvements

  • Create industry benchmarks and analytics (in aggregate form only)

3.3 Security and Compliance

  • Monitor for fraud, security threats, and unauthorized access

  • Ensure compliance with healthcare and telecommunications regulations

  • Conduct security audits and incident response

  • Maintain data integrity and backup systems

3.4 Business Operations

  • Process payments and manage billing

  • Send service updates and important notices

  • Provide customer support and technical assistance

  • Comply with legal obligations and regulatory requirements

4. DATA SHARING AND DISCLOSURE

4.1 We DO NOT Sell Personal Information

We never sell, rent, or trade your personal information or call data to third parties for marketing purposes.

4.2 Service Providers and Partners

We may share information with trusted third parties who help us operate our Services:

  • Cloud Infrastructure Providers: AWS, Google Cloud (with appropriate safeguards)

  • Telecommunications Partners: For call routing and connectivity

  • Analytics Services: For aggregated, de-identified usage analytics

  • Security Vendors: For monitoring and incident response

  • Payment Processors: For billing and subscription management

All third parties are bound by strict confidentiality agreements and data protection requirements.

4.3 Legal Compliance and Safety

We may disclose information when required to:

  • Comply with legal obligations, court orders, or government requests

  • Protect the safety and security of our users and Services

  • Investigate fraud, security incidents, or Terms of Service violations

  • Defend our legal rights in disputes or litigation

4.4 Business Transfers

In the event of a merger, acquisition, or asset sale, user information may be transferred as part of the transaction, subject to the same privacy protections.

5. HEALTHCARE PRIVACY (HIPAA COMPLIANCE)

5.1 Business Associate Relationship

For healthcare customers processing PHI, we act as a Business Associate under HIPAA:

  • Separate Business Associate Agreement (BAA) governs PHI processing

  • PHI is processed only as necessary to provide contracted services

  • We maintain appropriate administrative, physical, and technical safeguards

  • PHI access is limited to authorized personnel on a need-to-know basis

5.2 Patient Rights

Patients whose PHI is processed through our Services have rights under HIPAA, including:

  • Right to access their PHI (requests must go through the healthcare provider)

  • Right to request amendments or corrections

  • Right to request restrictions on use and disclosure

  • Right to receive notice of privacy practices

5.3 PHI Safeguards

  • All PHI is encrypted in transit and at rest using AES-256 encryption

  • Access controls and audit logs track all PHI interactions

  • Regular risk assessments and security updates

  • Incident response procedures for any potential breaches

6. DATA SECURITY MEASURES

6.1 Technical Safeguards

  • Encryption: End-to-end encryption for all data transmission and storage

  • Access Controls: Multi-factor authentication and role-based access

  • Network Security: Firewalls, intrusion detection, and VPN protection

  • Data Backup: Geographically distributed backups with point-in-time recovery

6.2 Administrative Safeguards

  • Regular security training for all employees

  • Background checks for personnel with data access

  • Incident response and breach notification procedures

  • Third-party security audits and compliance certifications

6.3 Physical Safeguards

  • Secure data centers with 24/7 monitoring

  • Biometric access controls and visitor management

  • Environmental controls and redundant power systems

  • Secure equipment disposal and media sanitization

7. YOUR PRIVACY RIGHTS

7.1 Access and Correction

You have the right to:

  • Access personal information we hold about you

  • Request corrections to inaccurate or incomplete information

  • Download your data in portable formats

  • Request deletion of your account and associated data

7.2 Data Portability and Deletion

  • Export your call data, transcriptions, and account information

  • Request permanent deletion of your data (subject to legal retention requirements)

  • Receive confirmation when deletion is complete

7.3 Communication Preferences

  • Opt out of marketing communications (service notices will continue)

  • Choose notification preferences for account updates

  • Request specific communication methods for sensitive information

7.4 State-Specific Rights

California Residents (CCPA/CPRA):

  • Right to know what personal information is collected and how it's used

  • Right to delete personal information

  • Right to opt out of sale of personal information (we don't sell data)

  • Right to non-discrimination for exercising privacy rights

EU/UK Residents (GDPR):

  • Right to access, rectify, erase, or restrict processing

  • Right to data portability and objection to processing

  • Right to withdraw consent where processing is based on consent

  • Right to lodge complaints with supervisory authorities

8. DATA RETENTION

8.1 General Retention Periods

  • Call Recordings: 7 years for healthcare customers, 3 years for others

  • Account Information: Duration of service plus 7 years

  • Technical Logs: 2 years for security and compliance

  • Marketing Data: Until opt-out or account deletion

8.2 Legal and Compliance Requirements

Retention periods may be extended to comply with:

  • Healthcare record-keeping requirements

  • Legal holds and litigation obligations

  • Regulatory investigations or audits

  • Tax and financial record requirements

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Processing Location

  • Primary data processing occurs within the United States

  • Cloud infrastructure may utilize multiple geographic regions for redundancy

  • International customers may request data localization for additional fees

9.2 Cross-Border Transfer Safeguards

For international transfers, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) for EU data transfers

  • Adequacy decisions where available

  • Additional security measures for sensitive data types

10. CHILDREN'S PRIVACY

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately and terminate any associated account.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies

  • Essential Cookies: Required for basic website functionality

  • Analytics Cookies: Help us understand how users interact with our Services

  • Preference Cookies: Remember your settings and preferences

11.2 Cookie Management

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

12. PRIVACY POLICY UPDATES

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Post updated policies on our website with a new effective date

  • Provide 30 days' notice for material changes

  • Obtain new consent where required by law

  • Maintain previous versions for reference

13. CONTACT INFORMATION

Privacy Questions and Requests:

  • Email: contact@cleardesk.app

  • Data Protection Officer: contact@cleardesk.app

  • Mail: Clear Health LLC, Privacy Office, [Business Address]

Customer Support:

  • General Support: support@cleardesk.app

  • Healthcare/HIPAA Issues: hipaa@cleardesk.app

Response Time: We respond to privacy requests within 30 days (or as required by applicable law).

14. REGULATORY COMPLIANCE

This Privacy Policy complies with:

  • Health Insurance Portability and Accountability Act (HIPAA)

  • California Consumer Privacy Act (CCPA/CPRA)

  • General Data Protection Regulation (GDPR)

  • Telephone Consumer Protection Act (TCPA)

  • Children's Online Privacy Protection Act (COPPA)

  • State data breach notification laws

Last Updated: January 1, 2025

This Privacy Policy is effective immediately upon posting. Your continued use of our Services constitutes acceptance of this policy and any updates.