top of page
  • X
  • Linkedin
  • Medium
ClinIQ_Logo.png

clinIQ™ Privacy & Data Protection Policy

Last updated: October 2025 
Operated by The Algorithm LLC, a Colorado S-Corporation 
5031 Ashbrook Circle, Highlands Ranch, CO 80130, USA 

Introduction 
clinIQ™ (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of all information entrusted to us. 
This Privacy & Data Protection Policy (“Policy”) explains how we collect, use, store, disclose, and protect personal and protected health information when you use our website, mobile applications, and related services (collectively, the “Services”). 
By accessing or using the Services, you agree to this Policy. If you do not agree, please discontinue use. 

1. Scope
This Policy applies to: 

  • Clinics, healthcare providers, and their staff who use clinIQ™.

  • Patients and authorized users who access the patient portal or mobile app.

  • Any visitor who interacts with our website or communications.

 

This Policy forms part of our Terms & Conditions and should be read alongside our HIPAA Compliance Statement.

 

2. Information We Collect
We collect information necessary to provide, secure, and improve our Services, including:

2.1 Personal and Identifiable Information ​

  • Name, address, email, phone number, and other identifiers.

  • Clinic, provider, or organization affiliation.

2.2 Protected Health Information (PHI) 

  • Demographics, medical history, vital signs, treatment notes, remote monitoring data, and other clinical information entered by providers or devices.

2.3 Technical Information

  • Log data such as IP address, browser type, and operating system.

  • Session cookies for authentication and security. (No third-party analytics cookies are used.)

2.4 Payment Information 

  • Clinic billing details processed securely through Stripe.

  • We do not store patient or cardholder payment data on our servers.

3. How We Use Information

We use collected data to: 

  1. Provide and maintain the clinIQ™ Services.

  2. Enable communication between clinics and patients.

  3. Generate analytics and reports for clinical and operational use.

  4. Improve platform reliability, performance, and compliance.

  5. Fulfill legal, billing, and contractual obligations.

We do not sell or rent personal or PHI data to any third parties. 

4.    Data Retention

  • Active data is retained for the duration of the subscription.

  • Upon termination, clinic data remains available for 30 days for export and is fully purged from backups within 90 days.

  • Audit logs and compliance records are retained for up to 6 years, as required by HIPAA.

5. Data Sharing & Sub-Processors
We use carefully selected, HIPAA-aligned service providers under executed BAAs or DPAs, including: 

  • Amazon Web Services (AWS) – hosting and storage

  • MongoDB Atlas – managed database

  • Twilio / SendGrid – communications

  • Stripe – payment processing (non-PHI)

  • Jira Service Management – internal support operations

Each provider is contractually bound to safeguard data and act only under our instructions. 

Optional Platform Integrations 
clinIQ™ may offer optional integrations with: 

  • Claire™ by The Algorithm LLC – AI-powered voice and chat orchestration (separate BAA).

  • Vizier™ by The Algorithm LLC – Healthcare analytics and dashboards (separate BAA).

When you enable these integrations, clinIQ™ shares only the data required to provide the requested functionality. All such exchanges are covered by the Business Associate Agreements specific to each platform. 

6. Your Rights
You (or your clinic) may: 

  • Access / Export Data: Request a structured export of your information.

  • Correct Data: Update inaccurate or incomplete details through your portal.

  • Request Deletion: Email compliance@cliniqhealthcare.com to request deletion; verified requests are completed within 30 days unless retention is required by law.

  • Opt Out of Communications: Click “unsubscribe” in any non-essential email or contact privacy@cliniqhealthcare.com.

7. Security Measures
We employ industry-standard administrative, technical, and physical safeguards: 

  • TLS 1.3 encryption in transit; AES-256 encryption at rest.

  • Role-based access control (RBAC) and MFA for internal users.

  • Daily encrypted backups with geographically redundant storage.

  • Annual penetration testing and HIPAA risk assessments.

Despite our safeguards, no system can guarantee absolute security; users share responsibility for maintaining secure credentials and device hygiene. 

8. Children’s Privacy
clinIQ™ is intended for use by clinics and authorized patients, including minors only under provider or parental supervision. 
We do not knowingly collect data directly from children under 13 without consent through a provider relationship. 

9. International Data Handling
Data is processed and stored solely within the United States
If data is accessed from abroad (e.g., subsidiaries in the UK or India), it is protected under equivalent contractual and encryption safeguards. 

10. Changes to This Policy
We may update this Policy periodically to reflect operational or legal changes. 
Material updates, including the introduction of new integrated platforms, will be reflected in this Policy, posted on our website and communicated where appropriate. 
The “Last Updated” date indicates the effective version. 

11. Contact Information
For privacy inquiries, data requests, or complaints: 
clinIQ Compliance Office 
The Algorithm LLC 
5031 Ashbrook Circle, Highlands Ranch, CO 80130 USA 
Email: privacy@cliniqhealthcare.com or compliance@cliniqhealthcare.com 

© 2025 The Algorithm LLC — All Rights Reserved clinIQ™ is a trademark of The Algorithm LLC. 

bottom of page