Last Updated: 17th August, 2025
Onpoid (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal and clinic data you share with us. This Privacy Policy explains how we collect, use, and safeguard information when you use our website, services, and automation solutions (“Services”).
By using our Services, you agree to the practices described in this Privacy Policy.
1. Information We Collect
We collect information in order to provide and improve our Services, including:
- Clinic Information: Business name, address, phone number, email, staff details, and scheduling system access.
- Patient Information (as a data processor): Appointment details, contact information, reminders, follow-up status, and communication preferences (strictly for automation purposes).
- Billing Information: Payment details necessary to process invoices.
- Technical Data: IP addresses, device type, browser type, and usage patterns when visiting our website.
- Communication Data: Emails, calls, and other communications exchanged with us.
2. How We Use Information
We use the information collected to:
- Deliver, manage, and improve our automation services.
- Reduce no-shows, send reminders, and manage follow-ups on behalf of clinics.
- Provide reporting dashboards (patients saved, revenue recovered).
- Respond to inquiries, support requests, and troubleshooting.
- Comply with legal and regulatory obligations.
- Improve user experience on our website.
3. HIPAA & Patient Data
- Onpoid may process limited patient data strictly for operational purposes (reminders, follow-ups, review requests).
- Clinics remain the data controller; Onpoid acts only as a data processor.
- All patient data is stored and transmitted with encryption and safeguards aligned with HIPAA standards.
- We do not sell, share, or use patient data for any purpose outside of providing Services to the clinic.
4. Legal Basis (GDPR Compliance)
For clinics and patients in the European Economic Area (EEA), we process data under the following legal bases:
- Performance of a Contract: Delivering automation services to clinics.
- Legitimate Interest: Reducing no-shows, improving clinic operations.
- Legal Obligation: Complying with healthcare data regulations.
- Consent: Where required (e.g., marketing emails).
5. Sharing of Information
We only share data with trusted third parties necessary to operate our Services, such as:
- Technology platforms (SMS/email providers, scheduling tools).
- Payment processors for billing.
- Legal, compliance, or regulatory authorities if required by law.
We do not sell or rent any personal or clinic data.
6. Data Retention
- Clinic and patient data is retained only as long as needed to provide Services.
- When Services are terminated, clinic data is securely deleted or returned within 30 days, unless otherwise required by law.
7. Data Security
We implement strict technical and organizational safeguards to protect data, including:
- Encryption in transit and at rest.
- Role-based access controls.
- Regular monitoring for vulnerabilities.
- Employee confidentiality agreements and training.
8. Cookies & Website Tracking
Our website uses cookies and analytics tools to improve functionality and measure performance. You can disable cookies through your browser settings, but some features may not work properly.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the data we hold about you.
- Request corrections to inaccurate data.
- Request deletion of personal data.
- Opt-out of marketing communications.
- Restrict or object to certain processing.
To exercise these rights, please contact us at privacy@onpoid.com.
10. Children’s Privacy
Our Services are not directed to children under 18. We do not knowingly collect personal data from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with the “Last Updated” date revised. Continued use of Services indicates acceptance of changes.