Privacy Policy

ChiroDesk AI provides AI-powered scheduling services to chiropractic practices. We act as a Business Associate under HIPAA on behalf of our customers (chiropractic practices), who are Covered Entities.

This Privacy Policy describes how we collect, use, and protect information when you interact with our services, whether you are a practice using our platform or a patient interacting with our AI scheduling system.

• Identity information: Name, date of birth, phone number
• Health information: Reason for visit, symptoms or conditions mentioned during conversations, injury details
• Appointment information: Dates, times, providers, service types, scheduling preferences
• Insurance information: Insurance provider, policy details, auto accident insurance information
• Communication records: Call recordings, call transcripts, text message content

• Practice information: Practice name, address, phone number, provider names and schedules
• Account information: Name, email, login credentials of practice staff
• Patient records: Information accessed through EHR integration as needed for scheduling (appointment history, provider preferences, treatment plan status)
• Configuration data: Scheduling rules, service types, office hours, practice preferences

• Device and technical data: IP address, browser type, device identifiers when accessing our web platform
• Usage data: How practice staff interact with our dashboard (pages visited, features used)

• Scheduling services: Booking, rescheduling, and cancelling appointments on behalf of practices
• Patient communication: Sending appointment confirmations, reminders, and follow-up messages as configured by the practice
• Service delivery: Operating and maintaining our platform for subscribing practices
• Support: Responding to practice inquiries and resolving technical issues
• Compliance: Meeting legal obligations under HIPAA and other applicable laws

• With your practice: All scheduling data and patient interactions are shared with the practice you are a patient of. They are the Covered Entity responsible for your care.
• With subprocessors: We use service providers for cloud hosting, telephony, and EHR integration. All subprocessors are bound by Business Associate Agreements and are required to protect PHI.
• As required by law: We may disclose information in response to valid legal process (subpoenas, court orders) or as otherwise required by law.
• Never sold: We do not sell, rent, or trade personal information or PHI to any third party for marketing or any other purpose.

• Patient PHI: Retained for the duration of our agreement with the practice. Upon termination, PHI is returned or destroyed within 60 days per our BAA.
• Call recordings and transcripts: Retained per the practice’s configured retention period.
• Audit logs: Retained for a minimum of 6 years per HIPAA requirements.
• Account data: Retained for the duration of the account plus 60 days after termination for data export.

As a patient, you have the right to:

• Access your Protected Health Information
• Request amendments to your records
• Request an accounting of disclosures
• Request restrictions on certain uses and disclosures
• Request confidential communications

To exercise these rights, contact your chiropractic practice directly. As a Business Associate, we will support your practice in fulfilling these requests.

Depending on your state of residence, you may have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt out of certain data uses. Contact us at privacy@chirodesk.ai for state-specific requests.

We implement comprehensive technical, administrative, and physical safeguards to protect your information. For details, see our HIPAA Compliance page.

Our AI system processes patient phone calls and text messages to facilitate scheduling. This means:

• Conversations with our AI scheduling assistant are recorded, transcribed, and stored securely
• The AI uses conversation content to perform scheduling actions (booking, rescheduling, cancelling appointments)
• AI-generated summaries and confirmations are created and sent to patients and practices
• AI outputs are not guaranteed to be completely accurate. Practices should verify scheduling details
• The AI does not provide medical advice, diagnosis, or treatment recommendations

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent. Scheduling for minor patients is handled through their parent or guardian.

We may update this Privacy Policy from time to time. We will notify subscribing practices of material changes via email at least 30 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

For privacy questions, data requests, or concerns:

Email: privacy@chirodesk.ai