Effective Date: March 23, 2026 | Last Updated: March 23, 2026
This Privacy Policy describes how ChiroApp and its owners, operators, developers, creators, affiliates, successors, and assigns (collectively, "ChiroApp", "we", "us", or "our") collect, use, store, and protect information when you use the ChiroApp platform, website, and related services (the "Service"). By using the Service, you consent to the practices described in this policy.
When you create an account, we collect: practice name, doctor/owner name, email address, password (stored as a cryptographic hash), selected subscription plan, and BAA/TOS acceptance timestamps.
In the course of using the Service, you may store: patient/client records, appointment details, clinical notes (SOAP notes), invoices and payment records, documents, images, and other Content you upload. For practices treating human patients, this may include Protected Health Information (PHI) as defined by HIPAA.
When you use SMS or email features, we process: sender and recipient phone numbers/email addresses, message content, delivery status, and timestamps. SMS messages are transmitted through Twilio and are subject to Twilio's privacy practices.
We automatically collect: IP address, browser type and version, device type, pages visited, feature usage patterns, API request logs, error logs, and general usage analytics. This data is used to operate, maintain, and improve the Service.
Payment information (credit card numbers, bank details) is processed by our third-party payment processor and is never stored on ChiroApp servers. We retain only transaction records (amounts, dates, status).
We use the information we collect to:
We do not sell, rent, or trade your personal information or patient data to third parties. We do not use patient data for advertising or marketing purposes.
For practices that handle Protected Health Information (PHI), ChiroApp operates as a Business Associate under HIPAA. The Business Associate Agreement (BAA) executed at signup governs our obligations regarding PHI. Key commitments include:
Your data is stored on secure servers. We implement industry-standard security measures including: encrypted data transmission (TLS/SSL), hashed and salted password storage, role-based access controls, regular automated backups, and audit logging of administrative actions. No method of electronic storage is 100% secure, and we cannot guarantee absolute security. You acknowledge and accept this inherent risk.
| Scenario | Retention Period |
|---|---|
| Active subscription | Data retained indefinitely while subscription is active |
| Cancelled subscription | 30 calendar days, then permanent deletion |
| Terminated for cause | May be deleted immediately |
| SMS/transaction logs | Retained for 7 years for billing and audit purposes |
| Server logs | 90 days |
You may export your data at any time during your active subscription using the data export tools provided within the Service. After account deletion, data cannot be recovered.
We use the following third-party services to operate the Service:
We are not responsible for the privacy practices of any third-party service. We encourage you to review their policies independently.
The Service uses browser local storage and session cookies for: authentication (keeping you logged in), user preferences, and basic analytics. We do not use third-party advertising cookies or cross-site tracking technologies.
If you access ChiroApp through a patient portal provided by your healthcare provider, your use is governed by both this Privacy Policy and any privacy notices provided by your healthcare provider (the Covered Entity). Your provider controls how your data is collected and used within ChiroApp. Questions about your health records should be directed to your healthcare provider.
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. Patient records for minors are stored under the control and responsibility of the Practice Account and the minor's guardian.
Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal information; object to or restrict certain processing; request data portability; and withdraw consent. To exercise these rights, contact us at the address below. Note that some account data is necessary to provide the Service and cannot be deleted while your account is active.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice within the Service at least 14 days before taking effect. Your continued use after the effective date constitutes acceptance.
For privacy-related questions: privacy@chiroapp.app
For general inquiries: support@chiroapp.app