Privacy Policy

  1. Overview

ClinicDesk, Inc. (“ClinicDesk,” “we,” “us,” or “our”) provides AI‑powered tools to help outpatient clinics with medical coding, claims, and revenue cycle workflows (the “Services”).

This Privacy Policy explains how we collect, use, and share information when you visit clinicdesk.com, use our applications, or otherwise interact with the Services. By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

This Privacy Policy is intended to work together with our Terms of Service. If you use the Services on behalf of a clinic or other organization, you are responsible for ensuring that you have all necessary rights and consents to share data with us.

  1. Information We Collect

We collect information in three main ways:

a. Information you provide directly

This includes:

  • Account and contact information, such as name, email address, phone number, clinic name, and role.
  • Billing information, such as payment method details, billing contact, and transaction history (processed via our payment providers).
  • Support and communication data, such as messages you send us, survey responses, or feedback about the Services.

b. Information we process on behalf of clinics

Clinics may submit patient, claims, and operational data into the Services (“Customer Data”). Customer Data may include protected health information (“PHI”) as defined under HIPAA when our customer is a covered entity or business associate.

We process Customer Data solely to provide and support the Services, as described in our agreements with the clinic (including any Business Associate Agreement, where applicable).

c. Information we collect automatically

When you access or use the Services, we may automatically collect:

  • Device and usage information, such as IP address, browser type, operating system, pages viewed, and timestamps.
  • Log data, including diagnostic and performance information.
  • Cookie and similar technology data, such as identifiers that help us remember your preferences, maintain sessions, and understand how the Services are used.
  1. How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Services.
  • To configure and improve coding rules, logic, and workflows for clinics.
  • To communicate with you, including sending service‑related notices, updates, and responses to your requests.
  • To support security, fraud prevention, and abuse detection.
  • To analyze usage and improve the performance, features, and user experience of the Services.
  • To comply with legal obligations and enforce our Terms of Service and other agreements.

When we handle Customer Data that includes PHI, we do so only as permitted by the applicable Business Associate Agreement and HIPAA.

  1. Legal Bases (for users in certain regions)

Where required by law (for example, in the European Economic Area or United Kingdom), we rely on one or more of the following legal bases to process personal data:

  • Performance of a contract (to provide the Services).
  • Legitimate interests (such as securing and improving the Services).
  • Compliance with legal obligations.
  • Consent, where we specifically request and you provide it.
  1. How We Share Information

We do not sell personal information or Customer Data. We may share information in these limited situations:

  • Service providers: With trusted vendors and service providers who perform services on our behalf (such as hosting, analytics, email delivery, and payment processing). They are allowed to use the information only as needed to provide services to us.
  • Clinics and authorized users: Within the clinic’s account, Customer Data and related reports may be visible to authorized users designated by the clinic.
  • Legal and safety: When we believe disclosure is reasonably necessary to comply with law, regulation, legal process, or government request; to protect the rights, property, or safety of ClinicDesk, our users, patients, or the public; or to enforce our terms and agreements.
  • Business transfers: As part of any merger, acquisition, financing, or sale of all or a portion of our business, in which case we will take steps to require the recipient to honor this Privacy Policy or a policy with similar protections.

We may share aggregated or de‑identified information that does not reasonably identify a specific individual or clinic, for example to describe usage trends or improve our models.

  1. Cookies and Similar Technologies

We and our service providers may use cookies, web beacons, and similar technologies to:

  • keep you signed in,
  • remember your preferences,
  • understand how the Services are used, and
  • measure the effectiveness of our communications.

You can usually adjust your browser settings to refuse cookies or alert you when cookies are being sent. If you disable cookies, some features of the Services may not function properly.

  1. Data Security

We implement administrative, technical, and physical safeguards designed to protect the information we process. These may include encryption in transit, access controls, and logging.

However, no security measures are perfect, and we cannot guarantee that information will never be accessed, disclosed, or lost in a way that is inconsistent with this Privacy Policy. You are responsible for using strong passwords, keeping your credentials confidential, and notifying us promptly of any suspected unauthorized access to your account.

  1. Data Retention

We retain personal information and Customer Data for as long as reasonably necessary to:

  • provide the Services,
  • comply with legal and regulatory obligations,
  • resolve disputes, and
  • enforce our agreements.

Retention periods may differ depending on the type of data and our relationship with the clinic. Where we act as a business associate or processor, we follow the data retention and deletion terms agreed with the clinic.

  1. Your Choices and Rights

Depending on your location and relationship with us, you may have certain rights regarding your personal information, such as:

  • Accessing the personal information we hold about you.
  • Requesting correction of inaccurate information.
  • Requesting deletion of certain information, subject to our legal obligations.
  • Objecting to or restricting certain types of processing.
  • Withdrawing consent where we rely on consent (this will not affect prior processing).

If you are an end user of a clinic that uses ClinicDesk (for example, a patient), your primary relationship is with that clinic. In many cases we can only act on your request by working with the clinic, and we may direct you to contact them.

To exercise your rights, please contact us using the information in the “Contact Us” section below. We may request information to verify your identity before responding.

  1. Clinics, PHI, and HIPAA

When we provide Services to a clinic that is a covered entity or business associate under HIPAA, we may sign a Business Associate Agreement (BAA) that governs our handling of PHI. In the event of a conflict between this Privacy Policy and a signed BAA regarding PHI, the BAA will control with respect to PHI.

Clinics are responsible for:

  • determining the lawful basis for processing patient data;
  • providing appropriate privacy notices to their patients; and
  • obtaining any required consents or authorizations.
  1. International Data Transfers

ClinicDesk is based in the United States, and information may be stored and processed in the United States and other countries. These locations may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data internationally, we take steps to implement appropriate safeguards as required by applicable law.

  1. Children’s Privacy

The Services are not directed to individuals under 18, and we do not knowingly collect personal information directly from children under 18. If we become aware that we have collected such information without appropriate consent, we will take steps to delete it.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, where required by law, provide additional notice (for example, by email or in‑app).

Your continued use of the Services after any changes become effective means you accept the updated Privacy Policy. If you do not agree, you should stop using the Services.

  1. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

ClinicDesk, Inc.
Email: support@clinicdesk.com

Get my free past 60 day analysis report

No sales call or credit card required. Try our software for yourself!

Thank you! Please check your email, we'll be in touch soon.
Oops! Something went wrong while submitting the form.