Privacy Policy

Effective Date: April 3, 2026

InPractice Health (“Company”, “we”, “us”, or “our”) is committed to protecting the privacy and security of the data we handle. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform, website (inpracticehealth.com), and related services (collectively, the “Services”).

1. Scope

This Privacy Policy applies to:

  • Customers (clinics, enterprises, and partners)
  • End users accessing dashboards or reports
  • Website visitors

It does not apply to Protected Health Information (PHI) processed on behalf of customers, which is governed by applicable Business Associate Agreements (BAAs).

2. Information We Collect

2.1 Information Provided by Customers

  • Clinical and operational data (e.g., appointment, treatment, and business metrics)
  • User account information (name, email, organization)
  • Uploaded datasets and integrations (e.g., POS, EMR, CRM systems)

2.2 Automatically Collected Information

  • Device and usage data (IP address, browser type, session logs)
  • Interaction data (queries, reports generated, feature usage)
  • Cookies and similar technologies

2.3 Derived Data

  • Aggregated analytics
  • Anonymized insights across clinics
  • Model-generated outputs (reports, predictions)

3. How We Use Information

We use data to:

  • Provide, operate, and improve the Services
  • Generate analytics, reports, and insights
  • Support customer queries and workflows
  • Ensure security, integrity, and compliance
  • Develop new features and models

We do not sell personal data.

4. HIPAA & Health Data Handling

Where applicable:

  • We act as a Business Associate under HIPAA
  • PHI is processed strictly per customer instructions
  • Data is encrypted in transit and at rest
  • Access is restricted via role-based controls

Customers are responsible for:

  • Obtaining necessary patient consents
  • Ensuring lawful data collection

5. Data Sharing & Disclosure

We may share data with:

5.1 Service Providers

  • Cloud infrastructure providers
  • Analytics and monitoring tools
  • Security and compliance vendors

5.2 Legal & Compliance

  • To comply with laws, regulations, or legal requests
  • To protect rights, safety, and security

5.3 Aggregated Data

We may share anonymized, aggregated insights that cannot identify individuals or specific clinics.

6. Data Retention

We retain data:

  • As long as necessary to provide Services
  • As required by law or contractual obligations

Customers may request deletion or export of their data.

7. Security

We implement industry-standard safeguards:

  • Encryption (TLS, AES-256)
  • Access controls and audit logs
  • Secure infrastructure and isolation
  • Continuous monitoring and testing

8. Your Rights

Depending on jurisdiction, users may:

  • Access, correct, or delete their data
  • Object to or restrict processing
  • Request data portability

Requests can be submitted to: privacy@inpracticehealth.com

9. Cookies & Tracking

We use cookies to:

  • Maintain sessions
  • Analyze usage
  • Improve performance

Users may control cookies via browser settings.

10. International Data Transfers

Data may be processed in the United States or other jurisdictions. We implement safeguards such as:

  • Standard contractual clauses (where applicable)
  • Secure cloud infrastructure

11. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised effective date.

12. Contact Us

InPractice Health

Email: privacy@inpracticehealth.com

Website: https://inpracticehealth.com

13. Additional Notes for Customers

  • This Privacy Policy complements (but does not replace) any signed Data Processing Agreement (DPA) or BAA
  • In case of conflict, contractual agreements take precedence