PRIVACY POLICY

Last Updated: September 2025

Claric, LLC ("Claric," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (the "Website") or use our AI-powered medical documentation platform (the "Platform").

1. SCOPE AND ACCEPTANCE

This Privacy Policy applies to:

• Visitors: Individuals who browse our Website
• Customers: Healthcare practices and organizations that subscribe to our Platform
• Authorized Users: Healthcare professionals authorized by Customers to use the Platform
• Patients: Individuals whose information may be processed through the Platform

By accessing our Website or Platform, you agree to this Privacy Policy. If you disagree with any terms, please discontinue use immediately.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

• Name, email address, phone number
• Professional credentials and license numbers
• Practice/organization name and address
• Billing and payment information (processed by third-party providers)

Platform Data:

• Patient recordings and clinical conversations
• Medical documentation and notes
• Voice ID (with opt-in consent)
• Usage preferences and settings

2.2 Information Collected Automatically

Technical Data:

• IP address and device information
• Browser type and operating system
• Access times and referring URLs
• Platform usage statistics and performance data

Cookies and Tracking: We use essential cookies for functionality and optional analytics cookies (with consent) to improve our services.

2.3 Information from Third Parties

• EHR integration data (when authorized)
• Professional verification services
• Payment processor confirmations

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

We use collected information to:

• Provide and maintain the Platform
• Process transactions and send related communications
• Generate AI-powered medical documentation
• Authenticate users and ensure security
• Respond to support requests
• Send service updates and important notices

3.2 Service Improvement

With appropriate safeguards, we may use information to:

• Improve AI model accuracy and performance
• Develop new features and services
• Analyze usage patterns and optimize workflows
• Conduct research (using only de-identified data)

3.3 Legal and Compliance

We may use information to:

• Comply with legal obligations
• Enforce our terms and agreements
• Protect rights, safety, and property
• Respond to lawful requests from authorities

4. DATA RETENTION AND DELETION

4.1 Configurable Retention Options

For Platform Users:

• Patient Recordings: Choose immediate deletion after processing OR retention per your settings
• Clinical Documentation: 30-day retention OR full subscription term retention
• Backup Period: Additional 7 days in backup systems after deletion

4.2 Account Data

• Active accounts: Retained during subscription term
• Closed accounts: Deleted within 90 days (except as legally required)
• De-identified data: May be retained indefinitely for product improvement

4.3 Data Export

Upon termination, we provide 30 days to export your data in standard formats.

5. HOW WE SHARE INFORMATION

5.1 We DO NOT:

• Sell personal information to third parties
• Share PHI except as permitted under HIPAA and our BAA
• Use patient data for advertising or marketing

5.2 We MAY Share Information With:

Service Providers:

• Cloud hosting (Microsoft Azure - HIPAA compliant)
• Payment processors
• Analytics services (anonymized data only)
• Professional verification services

Legal Requirements:

• When required by law, subpoena, or court order
• To protect rights, safety, or property
• In connection with legal proceedings

Business Transfers:

• During mergers, acquisitions, or asset sales (with notice)

6. PROTECTED HEALTH INFORMATION (PHI)

6.1 HIPAA Compliance

We process PHI as a Business Associate under HIPAA. Our use and disclosure of PHI is governed by:

• Our Business Associate Agreement (BAA)
• HIPAA Privacy and Security Rules
• State healthcare privacy laws

6.2 De-identification Rights

We may de-identify PHI in accordance with HIPAA standards (45 CFR §164.514). De-identified data:

• No longer constitutes PHI
• May be used to improve our AI models and services
• Cannot be re-identified to any individual

6.3 Patient Rights

Patients may request through their healthcare provider:

• Access to their health information
• Corrections to their records
• Accounting of disclosures

7. AI MODEL TRAINING AND IMPROVEMENT

7.1 How We Train Our AI

With Explicit Consent:

• Use clinical conversations to improve transcription accuracy
• Analyze documentation patterns to enhance note generation
• Train specialized medical terminology models

Always Using De-identified Data:

• Remove all personal identifiers before training
• Aggregate insights across multiple users
• Focus on medical language patterns, not individual cases

7.2 Your Control

• Opt-in/out of AI improvement programs via Platform settings
• Request deletion of your training data contributions
• Maintain full ownership of your original documentation

8. DATA SECURITY

8.1 Technical Safeguards

• 256-bit AES encryption at rest
• TLS 1.3 encryption in transit
• Multi-factor authentication available
• Regular security audits and penetration testing

8.2 Organizational Safeguards

• Employee HIPAA training and confidentiality agreements
• Principle of least privilege access controls
• Incident response and breach notification procedures
• Vendor security assessments

8.3 Compliance Certifications

• HIPAA compliant
• SOC 2 Type II (in progress)
• Annual third-party security assessments

9. YOUR PRIVACY RIGHTS

9.1 Rights You May Have

Depending on your location, you may have the right to:

• Access: Request copies of your personal information
• Correction: Update inaccurate information
• Deletion: Request removal of your information
• Portability: Receive your data in a portable format
• Objection: Opt-out of certain processing activities
• Restriction: Limit how we use your information

9.2 Exercising Your Rights

To exercise any rights, contact us at:

• Email: privacy@claric.ai

We will respond within 30 days (or as required by law).

9.3 Location-Specific Rights

California Residents (CCPA/CPRA):

• Right to know categories and purposes of data collection
• Right to non-discrimination for exercising privacy rights
• Right to opt-out of data sales (we do not sell data)

EU/UK Residents (GDPR):

• Right to lodge complaints with supervisory authorities
• Right to withdraw consent
• Rights related to automated decision-making

10. CHILDREN'S PRIVACY

The Platform is not intended for individuals under 18. We do not knowingly collect information from minors except:

• Patient information processed by healthcare providers with appropriate consents
• As permitted under HIPAA for treatment purposes

11. INTERNATIONAL DATA TRANSFERS

Data may be processed in the United States. We ensure appropriate safeguards through:

• Standard contractual clauses
• Encryption and security measures
• Compliance with applicable transfer mechanisms

12. THIRD-PARTY LINKS

Our Website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies before providing information.

13. COOKIE POLICY

13.1 Essential Cookies

Required for Platform functionality (authentication, security, preferences)

13.2 Analytics Cookies

Optional cookies to understand usage and improve services (with consent)

13.3 Managing Cookies

• Browser settings to block/delete cookies
• Platform cookie preferences panel
• Note: Disabling essential cookies may impact functionality

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Changes will be posted with a new "Last Updated" date. Material changes will be notified via:

• Email to registered users
• Platform notification banner
• Website announcement

Continued use after changes constitutes acceptance.

15. CONTACT INFORMATION

For privacy questions, concerns, or requests:

Data Protection Officer

Claric, LLC
Email: privacy@claric.ai

Supervisory Authorities:

• US: File HIPAA complaints with HHS Office for Civil Rights
• EU: Contact your local data protection authority
• California: California Privacy Protection Agency

16. ACCESSIBILITY

This Privacy Policy is available in alternative formats upon request for individuals with disabilities.