Clinic OS

Legal · privacy policy

How we handle your data.

Your clinic's data — and your patients' data — is yours. This page explains what we collect, why, and the controls you have over it.

Last updated · Feb 2026

§01

Overview

ClinicFirst Inc. (“Clinic OS”, “we”, “us”) builds an operating system for clinics. This policy explains what data we collect, how we use it, and the rights you have over it.

We treat your clinic's data — and your patients' data — the way we'd want ours treated. Your EMR is the source of truth. Clinic OS reads from it; we never edit or delete records inside it.

§02

What we collect

We collect only what we need to run Clinic OS for your clinic. Broadly:

  • Account data — clinic name, owner contact, billing details, team member emails & roles.
  • Operational data — appointment metadata, call recordings (only if you enable Call IQ AI), unified-inbox messages, KAI conversations.
  • Patient data — only the fields surfaced by your EMR via our read-only sync (name, contact, appointment, encounter notes when authorised).
  • Usage data — pages visited inside Clinic OS, module engagement, errors and performance metrics.
§03

How we use it

We use data only to deliver and improve Clinic OS:

  • Run the platform & the AI modules you've enabled (KAI, Call IQ, Voice Agents, etc.).
  • Provide reception, owner and clinician views, alerts, and reporting.
  • Respond to support requests and keep the product working reliably.
  • Aggregate, anonymised insights to improve model accuracy and product decisions.

We never sell your data. We never share it with third parties for advertising.

§04

Who we share with

We share data only with sub-processors required to deliver the service — all under data-processing agreements:

  • Cloud infrastructure (AWS, Google Cloud) for hosting and storage.
  • Communications (SMS / voice / email providers) when you use those modules.
  • EMR partners (Jane App, Juvonno) for read-only sync, where you authorise.
  • Payment processors for billing.

A full, up-to-date list is available from privacy@clinicfirst.app.

§05

Your rights

Your data is yours. At any time you can:

  • Export every record, message, conversation and report from Settings.
  • Correct or delete personal data — email privacy@clinicfirst.app.
  • Disconnect your EMR in one click. Your EMR records stay intact.
  • Close your account — we delete operational data within 30 days, retain only what law requires.
§06

Retention

Operational data is retained while your account is active and for up to 30 days after closure. Audit logs and billing records are retained for up to 7 years to meet legal obligations. Aggregated, anonymised analytics may be retained indefinitely.

§07

Contact

Questions or requests? Reach our privacy team:

  • Email — privacy@clinicfirst.app
  • Mail — ClinicFirst Inc., Ottawa, ON, Canada

Questions about this page?

Contact support
Ready when you are

Run your clinic. Not your tools.

Replace the messy stack with one calm OS. Fill the schedule, engage every patient, keep them coming back — without the tab-switching tax.

Haven't taken the audit? · 60 seconds
Build Your OS
HIPAA-readySOC 2 aligned99.9% uptime2-way EMR sync