At ChiroInABox, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our practice management platform and related services.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, practice name, and billing information when you create an account
- Practice Data: Patient records, appointment information, clinical notes, billing data, and other information you enter into the platform
- Communications: Information you provide when contacting our support team or participating in surveys
1.2 Information Collected Automatically
- Usage Data: Information about how you use the platform, including features accessed, pages viewed, and actions taken
- Device Information: Device type, operating system, browser type, IP address, and unique device identifiers
- Log Data: Server logs recording access times, error logs, and system activity
- Cookies: We use cookies and similar technologies to improve functionality and user experience
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our platform and services
- Process your subscription and billing transactions
- Send you technical notices, updates, security alerts, and support messages
- Respond to your comments, questions, and customer service requests
- Monitor and analyze trends, usage, and activities to improve user experience
- Detect, investigate, and prevent fraudulent transactions and abuse
- Comply with legal obligations and enforce our Terms of Service
3. Protected Health Information (PHI)
As a business associate under HIPAA, we handle Protected Health Information (PHI) on your behalf. We:
- Only use PHI as permitted under our Business Associate Agreement
- Implement appropriate administrative, physical, and technical safeguards
- Report any security incidents or breaches as required by law
- Ensure our subcontractors who access PHI agree to the same restrictions
- Do not sell or use PHI for marketing purposes
4. Information Sharing
We may share your information in the following circumstances:
- Service Providers: Third parties who perform services on our behalf (hosting, payment processing, customer support)
- Legal Requirements: When required by law, subpoena, or other legal process
- Protection of Rights: To protect the rights, property, and safety of ChiroInABox, our users, or others
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you direct us to share information with third parties
We do not sell your personal information or patient data to third parties.
5. Data Security
We implement comprehensive security measures including:
- AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Multi-factor authentication and role-based access controls
- Regular security audits and penetration testing
- SOC 2 Type II certification
- Automatic session timeouts and audit logging
- Geographically distributed backups with disaster recovery procedures
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services. After account termination, we retain data for a period necessary to comply with legal obligations, resolve disputes, and enforce agreements. You may request data export or deletion subject to legal retention requirements.
7. Your Rights and Choices
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal requirements)
- Export: Export your data in a machine-readable format
- Opt-Out: Unsubscribe from marketing communications at any time
- Cookie Preferences: Manage cookie settings through your browser
8. Cookies and Tracking
We use the following types of cookies:
- Essential Cookies: Required for the platform to function properly
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Help us understand how users interact with our platform
You can control cookies through your browser settings. Disabling certain cookies may limit platform functionality.
9. Third-Party Links
Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
10. Children's Privacy
ChiroInABox is designed for use by healthcare professionals and is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.
12. California Privacy Rights
California residents have additional rights under the CCPA, including the right to know what personal information we collect, request deletion, and opt out of the sale of personal information (note: we do not sell personal information). To exercise these rights, contact us using the information below.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
ChiroInABox, Inc.
Privacy Officer
Email: privacy@chiroinabox.dev
Phone: 1-800-CHIRO-BOX
Address: 123 Healthcare Drive, Suite 500, Wilmington, DE 19801
By using ChiroInABox, you acknowledge that you have read and understood this Privacy Policy.