Legal
Privacy Policy
Last updated: April 6, 2026
HIPAA Notice: ClearPrep Health is designed as a HIPAA-compliant platform. We implement administrative, physical, and technical safeguards to protect any protected health information processed through our services.
1. Who We Are
ClearPrep Health LLC ("ClearPrep," "we," "us," or "our") is an Arizona limited liability company that operates a HIPAA-compliant SaaS platform for healthcare clinics. We deliver protocol-specific patient preparation guides via timed SMS reminders with secure tokenized links.
Contact: hello@clearprep.health
2. Information We Collect
From clinic staff (our customers):
- Name and email address for account creation and login
- Clinic name, address, and contact information
- Billing information processed through our payment provider (Stripe)
From patients (end users of clinic services):
- Mobile phone number (encrypted at rest using AES-256 field-level encryption)
- Clinic-assigned patient identifier code (not name or MRN)
- Procedure date and protocol type
- SMS consent status and date
- Guide access logs (timestamp of when a preparation guide link was opened)
Automatically collected:
- SMS delivery status from our carrier (Twilio)
- Tokenized guide link click data
- System audit logs for HIPAA compliance purposes
3. How We Use Information
- To deliver timed SMS reminders and preparation guides to patients on behalf of enrolled clinics
- To provide clinic staff with engagement reporting (guide open rates, delivery status)
- To maintain audit logs required for HIPAA compliance
- To process subscription payments for clinic accounts
- To send transactional emails to clinic staff (account setup, notifications)
- To improve platform reliability and performance
4. Information We Do Not Collect
By design, ClearPrep Health does not collect or store:
- Patient names or date of birth
- Medical record numbers (MRN)
- Diagnosis, treatment, or clinical notes beyond procedure type
- Any protected health information (PHI) in SMS message bodies
- Payment card numbers (handled entirely by Stripe)
5. How We Share Information
We do not sell, rent, or share personal information with third parties for marketing purposes. We share information only as follows:
- Twilio: Our SMS carrier. Phone numbers and message content are transmitted to Twilio to deliver messages. Twilio operates under a Business Associate Agreement (BAA) with us.
- Amazon Web Services (AWS): Our cloud hosting provider. Data is stored in AWS RDS (PostgreSQL) within a private VPC. AWS operates under a BAA with us.
- Stripe: Our payment processor. Billing data is handled entirely by Stripe and is not stored on our servers.
- Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of ClearPrep Health or others.
6. Data Security
- Phone numbers are encrypted at the field level using Fernet (AES-128-CBC) in addition to database-level AES-256 encryption at rest
- All data is transmitted over TLS (HTTPS)
- Patient guide access is controlled through cryptographically random single-use tokens
- Access to clinic data is restricted to authenticated clinic staff only
- Audit logs are append-only and cannot be modified or deleted
- Passwords are hashed using bcrypt with a cost factor of 12
7. SMS Messaging and Opt-Out
Patients receive SMS messages only after providing explicit written consent at the time of clinical enrollment. Every SMS message includes opt-out instructions. Patients may opt out at any time by replying STOP to any message. Upon receiving a STOP reply, no further messages will be sent. Patients may resume messages by replying START.
8. Data Retention
Patient records are retained for the duration of the clinic's active subscription. Clinics may request deletion of patient records at any time. Audit logs are retained for a minimum of six years in accordance with HIPAA requirements. Billing records are retained as required by law.
9. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete personal information we hold about you. To make a request, contact us at hello@clearprep.health. We will respond within 30 days.
10. Children's Privacy
ClearPrep Health is a business-to-business platform intended for use by healthcare clinics and their adult patients. We do not knowingly collect personal information from children under the age of 13.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify clinic administrators of material changes by email. Continued use of the platform after changes constitutes acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
For privacy-related questions or requests:
ClearPrep Health LLC
Arizona, United States
hello@clearprep.health