Privacy Policy

Effective Date: June 24, 2025

Introduction

Provider.app (“we”, “us”) aggregates non‑personal business data—not client/patient PII—to help clinics understand performance. We comply with PIPEDA and implement safeguards comparable to HIPAA. This Policy explains what we collect, why, and your choices.


1. Information We Collect

Category | Examples | Notes
Account Info | Name, email, clinic name, billing details | Needed to create & service your account.
Third‑Party Data | Revenue totals, appointment counts, website metrics | Pulled only from integrations you authorize (Jane.app, Google Analytics, QuickBooks, etc.). No patient PII.
Usage Data | IP, timestamps, clicks, error logs | Improves performance & security.
Cookies | Session & analytics cookies | Essential cookies run the service; analytics cookies help us improve (you can opt out).

2. How We Use Your Information

  • Provide & maintain the Service (dashboards, insights, billing).
  • Improve features, security, and performance.
  • Communicate (support, account notices, optional marketing—you can unsubscribe).
  • Legal compliance & fraud prevention.
  • Business transfers if ownership changes (with equivalent safeguards).

3. Sharing Your Data

We never sell your information. We share it only with:

  1. Trusted subprocessors (cloud hosting, payment, email, analytics) under strict contracts.
  2. Third‑party services you connect, at your instruction.
  3. Lawful requests or to protect rights, safety, or comply with legal obligations.
  4. Business transfers (merger, acquisition) with continued protection.
  5. Your consent for any other disclosure.

4. Data Security

  • HTTPS/TLS encryption; encrypted tokens & password hashing.
  • Least‑privilege internal access; audited.
  • Secure SDLC, vulnerability scanning, periodic pentests.
  • Continuous monitoring; incident response plan.
  • SOC 2 compliance in progress.

5. Your Rights

You may:

  • Access personal data we hold.
  • Correct inaccuracies.
  • Delete data (subject to legal retention).
  • Withdraw consent for marketing.
  • Port your data in a common format.

Contact support@provider.app to exercise these rights. We respond within 30 days.


6. Data Retention

  • Account data kept while account is active; deleted on closure (except legally required records).
  • Integrated metrics stored while connection exists; removed on request or account deletion.
  • Logs retained only as long as needed for security/diagnostics (typically ≤ 12 months).
  • Backups follow fixed rotation schedules; deleted after retention period.

7. International Transfers

Data may be processed in Canada, the USA, or other countries. We use Standard Contractual Clauses and other safeguards to protect cross‑border transfers.


Links in Provider.app may lead to external sites (e.g., tutorials, social media). Their privacy practices apply once you leave our domain.


9. Children’s Privacy

Provider.app is not for children under 13. We don’t knowingly collect children’s data. Contact us if you believe we have inadvertently done so.


10. Changes to This Policy

We’ll post updates here and notify you of material changes via email or in‑app notice. Continued use after the effective date constitutes acceptance.


Contact Us

Provider.app – Privacy Team
Email: support@provider.app

We’re happy to answer any questions or handle data requests.


Happy clinic growing with Provider.app—your data stays yours, and we keep it safe!