Introduction
InstaClinic AI ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. By using InstaClinic AI, you agree to the practices described in this policy.
1. Core Privacy Principles
1.1 Data Minimization
We collect only the personal information strictly necessary to schedule and manage medical appointments. This includes patient names, contact details, health insurance numbers, and appointment preferences. Staff are prohibited from collecting diagnostic information or treatment histories through our systems, which do not contain that information in the first place.
1.2 Purpose Limitation
Collected data may only be used for the following:
- AI is exclusively used for automated appointment scheduling
- The system processes basic appointment data (patient name, contact details, preferred time slots)
- The system verifies patient identities during appointment interactions
- AI does not make clinical decisions, diagnose conditions, or process medical records
- Users can request human review of any AI-scheduled appointment by contacting the clinic directly.
- Coordinating clinic schedules with integrated practice management systems
- Secondary data uses require explicit written authorization.
1.3 Prohibited Data Uses
- Production data must never be used for development, testing, or training.
- Only synthetic or de-identified data meeting HIPAA §164.514 standards may be used.
2. Your Information
2.1 Information We Collect
We may collect information that identifies you, including but not limited to:
- Personal Information: Name, phone number, email address, date of birth, and other identifying details provided by you or your clinic.
- Health Information: Appointment details, insurance information, and other health-related data for the purpose of facilitating medical services.
- Technical Information: Device information, IP address, browser type, and other usage details to help improve our service.
2.2 How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide, maintain, and enhance InstaClinic AI's features, including appointment booking, and AI call handling.
- Personalization and Communication: To customize your experience, send reminders, and respond to inquiries.
- Legal Compliance: To comply with any applicable laws, regulations, and legal processes.
2.3 How We Share Your Information
We do not sell or rent your personal information to third parties. We may share your information in the following situations:
- With Your Consent: We may share your information with third parties if you provide consent.
- Service Providers: We may share information with vendors and service providers who perform functions on our behalf.
- Legal Requirements: We may disclose your information to comply with legal obligations, such as responding to court orders or legal processes.
3. Consent Management
3.1 Explicit Consent Capture
Patients provide verbal consent at the start of each voice interaction after hearing a standardized disclosure about data usage. The system records timestamps and consent context for 7 years. Clinics must renew consent every 24 months or when changing data processing purposes.
3.2 Withdrawal Process
Patients may revoke consent by submitting a signed request to their clinic. Upon receiving such a request, InstaClinic.ai will:
- Cease all processing within 72 hours of clinic notification
- Delete voice recordings within 30 days
- Retain transaction logs for legal compliance purposes
- Patients have the right to request access to their PHI, request amendments, and obtain a history of disclosures under HIPAA §164.524. InstaClinic.ai must provide this information within 30 days of request.
4. Third-Party Management
We may use vendors to provide our services, such as infrastructure and call handling vendors. These external service providers must demonstrate:
- SOC 2 Type II or ISO 27001 certification
- Data processing agreements with breach liability clauses
- Annual security audits conducted by qualified third parties
- InstaClinic.ai will only provide patient data to law enforcement agencies with a valid court order, except where legally required to disclose without notice (e.g., imminent harm situations). Where possible, patients will be notified of data requests.
5. Data Security
We employ a variety of security measures to protect your personal information. These include encryption, access control, and secure storage methods. While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet is 100% secure.
All sensitive data receives dual-layer protection:
- At Rest: AES-256 encryption for databases containing health identifiers
- In Transit: TLS 1.3 with perfect forward secrecy for voice/data transmissions
Key management follows NIST SP 800-57 guidelines with quarterly rotations. - All patient data is classified according to sensitivity levels, and data integrity is validated using SHA-384 hash verification.
6. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information, including the right to access, update, or delete your data. Please contact us at privacy@InstaClinic.ai for any inquiries or requests regarding your data.
8. Cookies and Tracking Technologies
InstaClinic AI may use cookies and similar technologies to improve user experience, analyze trends, and manage the platform. You can control cookies through your browser settings.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this page. Continued use of the service signifies your acceptance of the revised policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at privacy@InstaClinic.ai.
