Privacy policy.

Your privacy is important to us.

 

Clinic Commerce Inc. (“CCI”)
Effective Date: July 1, 2025

Clinic Commerce Inc. (“Clinic Commerce”, “CCI”, “we,” “us,” or “our”) recognizes the importance of privacy and is committed to maintaining the confidentiality, integrity, and security of the personal, organizational, and transactional data it handles through its Services.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you interact with our platform.

1. Information We Collect

We collect the following categories of information:

  • Account & Contact Information: Name, email, clinic name, title, phone number

  • Usage Data: Device type, browser, IP address, timestamps, pages visited

  • Operational Data: Clinic configurations, fulfillment volumes, preferences

  • Non-PHI Metadata: Script routing data (without PHI), fulfillment outcomes

We do not collect, store, or transmit PHI on our servers. All prescription and patient-specific data is transmitted securely via our partner integrations to licensed pharmacies.

2. Purpose of Collection

We collect and use data for the following purposes:

  • Provision and maintenance of Services

  • Communication with clinic teams and administrators

  • Billing and usage analytics

  • Security, risk detection, and fraud prevention

  • Product enhancement and feature development

3. Data Sharing and Disclosure

We do not sell, lease, or license your information to third parties. We may share data only under the following limited circumstances:

  • Pharmacy Partners: Script metadata is securely routed to fulfill prescriptions

  • Infrastructure Providers: For cloud hosting, error tracking, and performance monitoring

  • Legal Authorities: If compelled by applicable law, subpoena, or governmental request

4. Regulatory Compliance

Clinic Commerce complies with:

  • PIPEDA (Canada): Including data minimization, consent, and breach notification requirements

  • HIPAA (USA): No PHI is stored; all transmission paths are secured and signed under Business Associate Agreements (BAAs) where applicable

5. Your Rights

Subject to jurisdiction, you may:

  • Request access to personal or clinic data

  • Request correction of inaccurate information

  • Request deletion of specific data (subject to service obligations)

  • Withdraw consent for non-essential data uses

All requests may be submitted to privacy@cliniccommerce.com. We respond within 30 business days.

6. Data Retention

We retain operational and business data only as long as necessary to deliver Services or as required under applicable law or financial recordkeeping obligations.

7. Security Measures

Clinic Commerce employs industry-standard technical, administrative, and physical safeguards including:

  • TLS/SSL encryption

  • Multi-factor authentication

  • Zero-storage architecture for PHI

  • Firewall-protected hosting environments

8. International Considerations

Our platform may be accessed from the United States and Canada. Data may be stored in either jurisdiction under applicable safeguards. All cross-border processing complies with privacy regulations of the originating country.

9. Children’s Privacy

Clinic Commerce does not knowingly collect or solicit data from individuals under the age of 18. If such data is discovered, it will be deleted promptly.

10. Updates to this Policy

We may revise this Privacy Policy periodically. The “Last Updated” date will reflect the most recent version. Continued use of the Services constitutes acceptance of changes.

11. Contact

For privacy-related questions, concerns, or complaints, contact:
team@cliniccommerce.com