Privacy Policy
Last Updated: January 30, 2025
1. Introduction
WIO CLINIC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare practice management software and services.
By using WIO CLINIC, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
We collect information that identifies, relates to, or could reasonably be linked with you, including:
- Name, email address, and contact information
- Account credentials and authentication information
- Billing and payment information
- Professional credentials and license information
2.2 Protected Health Information (PHI)
As a healthcare software provider, we process PHI on behalf of our customers (covered entities). This includes:
- Patient demographics and medical records
- Treatment and diagnosis information
- Billing and insurance information
- Appointment and scheduling data
2.3 Usage Information
- Device information (IP address, browser type, operating system)
- Usage patterns and feature interactions
- Log data and analytics
- Cookies and similar tracking technologies
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide, maintain, and improve our software services
- Account Management: To create and manage your account
- Customer Support: To respond to inquiries and provide technical assistance
- Security: To detect, prevent, and address security issues and fraud
- Compliance: To comply with legal obligations including HIPAA, GDPR, and other regulations
- Communications: To send service updates, security alerts, and administrative messages
- Analytics: To understand usage patterns and improve our services
4. Data Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
4.1 Service Providers
We share information with third-party vendors who perform services on our behalf, including:
- Cloud hosting providers (AWS, Google Cloud)
- Payment processors
- Analytics providers
- Customer support tools
4.2 Legal Requirements
We may disclose information to comply with laws, regulations, legal processes, or governmental requests.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4.4 With Your Consent
We may share information with your explicit consent or at your direction.
5. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Industry-standard encryption (TLS 1.3, AES-256)
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response and breach notification procedures
- HIPAA-compliant infrastructure and practices
6. Data Retention
We retain your information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (typically 7 years for healthcare records)
- Resolve disputes and enforce our agreements
Upon account termination, we will delete or anonymize your data within 90 days, unless required by law to retain it longer.
7. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information
- Portability: Receive your data in a portable format
- Objection: Object to processing of your information
- Restriction: Request restriction of processing
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, contact us at privacy@wio.clinic.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all service providers
- Compliance with applicable data protection laws
9. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child without parental consent, we will delete it promptly.
10. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Authentication and security
- Preferences and settings
- Analytics and performance monitoring
- Marketing (with your consent)
You can control cookies through your browser settings. Note that disabling cookies may affect functionality.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification
- Displaying an in-app notice
Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:
WIO CLINIC Privacy Team
Email: privacy@wio.clinic
Phone: +1 917 920 6630
Address: 48 Wall Street, Suite 1100, New York, NY 10005, USA
13. Jurisdiction-Specific Information
For European Union (EU) Residents
Under GDPR, we are the data processor for PHI and the data controller for account information. You have the right to lodge a complaint with your local supervisory authority.
For California Residents
Under CCPA/CPRA, you have additional rights, including the right to opt out of the sale of personal information (we don't sell your data) and the right to limit the use of sensitive personal information.
For United States Healthcare Providers
As a Business Associate under HIPAA, we enter into Business Associate Agreements (BAAs) with covered entities. See our HIPAA Compliance page for details.