Privacy Policy
This page contains our complete privacy policy. You can review it here or download a copy for your records.
Privacy Policy
Effective Date: May 29, 2025, Last Updated: June 24, 2026
1. Introduction
Clerie.ai ("Clerie," "we," "us," or "our") provides an electronic health record, practice management, billing, scheduling, messaging, and AI-assisted workflow platform for wellness, behavioral health, and other healthcare-related providers.
- We are committed to protecting the privacy and security of personal information, including protected health information ("PHI") handled through our platform
- This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, platform, integrations, SMS/text messaging programs, and related services
- This Privacy Policy should be read alongside our Terms of Service.
- When Clerie processes PHI on behalf of healthcare provider customers, Clerie acts as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"). In those cases, our use and disclosure of PHI is governed by our Business Associate Agreements, customer agreements, and applicable law
- This Privacy Policy is not intended to replace the Notice of Privacy Practices provided by your healthcare provider. If you are a patient and have questions about your medical record or HIPAA rights, please contact your healthcare provider directly
2. Scope and Applicability
This Privacy Policy applies to:
- Healthcare providers, wellness professionals, administrative staff, and other authorized users of Clerie
- Patients whose information is stored, processed, or transmitted through Clerie by a healthcare provider
- Visitors to our website and individuals who request demos, pricing, support, or other information
- Individuals who provide contact information through forms, account setup, onboarding, or opt-in processes
- Users of Clerie's SMS/text messaging programs
- Information processed through Clerie's AI-assisted features and third-party integrations
3. Clerie's Privacy Roles
Clerie handles information in different legal roles depending on the context.
- Business Associate: For provider customers that are HIPAA covered entities, Clerie generally acts as a Business Associate when we create, receive, maintain, or transmit PHI on behalf of the provider customer
- Service Provider or Processor: When Clerie processes personal information on behalf of a customer, we process that information under the customer's instructions, our agreements, and applicable privacy laws
- Independent Business: When Clerie collects information directly from website visitors, sales prospects, demo requesters, job applicants, or provider account users for our own business operations, that information may be handled as business contact information or personal information under this Privacy Policy
- Provider Responsibility: Provider customers are responsible for their own privacy notices, patient relationships, user permissions, record-retention choices, and legal obligations that apply to their practices
4. Information We Collect
We may collect and process the following categories of information:
- Protected Health Information (PHI): Patient demographics, contact information, medical history, clinical notes, intake forms, assessments, diagnoses, treatment plans, appointments, billing information, insurance information, claims information, medication records, lab results, wellness assessments, and other information entered into or processed through the platform by provider customers
- Provider and Account Information: Names, professional credentials, business contact information, organization information, account credentials, user roles, preferences, authentication data, payment and billing contact details, and support communications
- Website, Sales, and Marketing Information: Information you provide through website forms, demo requests, pricing inquiries, newsletters, events, support requests, or similar interactions, including name, email address, phone number, company, role, and communication preferences
- Mobile Phone Numbers and SMS Consent Data: Mobile phone numbers, opt-in status, communication preferences, consent language, date and time of consent, source or method of consent, and opt-out records
- Technical and Usage Information: IP address, device information, browser type, operating system, log data, session activity, referring pages, pages viewed, approximate location derived from IP address, and usage patterns
- Integration Data: Information received through integrations you enable, such as Google Calendar data, OAuth tokens, refresh tokens, webhook subscriptions, appointment data, scheduling information, clearinghouse data, billing tools, or other connected services
- AI Processing Data: Information processed through AI-assisted features, such as clinical documentation, appointment context, billing codes, claim data, scheduling data, communication drafts, workflow history, and other information needed to provide AI-assisted functionality
5. How We Use Information
We use information to provide, secure, improve, and support Clerie's services. Depending on the type of information and our role, we may use information for the following purposes:
- To provide the Clerie platform and related services
- To support treatment, payment, healthcare operations, care coordination, billing, credentialing, scheduling, documentation, claims processing, and practice management
- To create, manage, secure, and support user accounts
- To provide AI-assisted features such as documentation suggestions, transcription support, treatment plan drafts, clinical workflow suggestions, billing code suggestions, claim support, scheduling support, and operational insights
- To send appointment reminders, confirmations, follow-up messages, account notices, operational updates, and support communications
- To communicate with provider customers, prospects, and account users about Clerie products, services, events, updates, offers, and educational content, subject to applicable consent and opt-out rights
- To analyze and improve website performance, product functionality, security, reliability, and user experience
- To detect, prevent, investigate, or respond to fraud, abuse, security incidents, legal claims, or violations of our terms
- To comply with applicable laws, regulations, contractual obligations, and legal process
- We do not use PHI from the Clerie EHR for advertising or third-party marketing. We do not sell PHI
6. Marketing and Business Communications
Clerie may use business contact information from website visitors, demo requesters, prospects, provider customers, and account users to market Clerie's own products and services.
- We may send information about product updates, demos, events, educational content, or offers that may be relevant to a provider or practice
- We do not use patient PHI from the EHR for marketing unless permitted by HIPAA, authorized by the patient where required, or directed by the applicable provider customer in accordance with law
- You may opt out of marketing emails by using the unsubscribe link in our emails or contacting us at privacy@clerie.ai
- Even if you opt out of marketing messages, we may still send transactional, operational, security, legal, billing, or account-related communications
7. AI Processing and Machine Learning
Clerie provides AI-assisted features to help providers and practices reduce administrative burden and improve workflows.
- AI-assisted features may help draft notes, summarize information, suggest billing codes, generate workflow recommendations, support scheduling, or assist with operational tasks
- AI-generated outputs are suggestions only. Healthcare providers remain responsible for reviewing, editing, approving, and using any AI-generated content
- Clerie's AI features do not make autonomous decisions about patient care, diagnosis, treatment, billing, or insurance claims
- When PHI is processed by AI-assisted features, Clerie applies privacy and security safeguards consistent with HIPAA, applicable Business Associate Agreements, and our customer agreements
- Clerie may use third-party AI infrastructure or service providers to provide AI-assisted features. When those providers process PHI, they must be bound by appropriate contractual, confidentiality, security, and Business Associate obligations where required
- Clerie does not use identifiable patient PHI from customer EHR records to train third-party foundation models unless expressly authorized in writing by the applicable customer and permitted by law
- Clerie may use de-identified or aggregated data to improve our services and AI-assisted functionality, using methods intended to satisfy HIPAA de-identification requirements, such as the Safe Harbor method or expert determination method where appropriate and permitted by law and applicable agreements
- Authorized Clerie personnel may review limited AI inputs, outputs, metadata, or error logs when necessary to provide support, investigate abuse or security issues, debug product functionality, or meet legal obligations, subject to access controls and confidentiality obligations
- Google Calendar data is not used to train AI models and is used only to provide calendar synchronization functionality
8. Information Sharing and Disclosure
We may share information as described below:
- With Provider Customers: We make patient information available to the healthcare provider or organization responsible for that information
- With Authorized Users: We share information with users authorized by the provider customer or account administrator
- With Service Providers and Subprocessors: We may share information with vendors that help us provide hosting, infrastructure, security, analytics, SMS delivery, email delivery, support, billing, claims, integrations, AI-assisted features, and other services. Where required, these vendors are bound by appropriate contractual, confidentiality, security, and Business Associate obligations
- With Healthcare Participants: We may process or disclose information to support treatment, payment, healthcare operations, claims processing, eligibility, medical clearinghouses and billing service providers, care coordination, or other healthcare-related purposes as directed by provider customers or permitted by law
- With Legal or Regulatory Authorities: We may disclose information when required by law, court order, subpoena, regulatory request, or other legal process, or when necessary to protect rights, safety, security, or prevent fraud or abuse
- In Business Transactions: If Clerie is involved in a merger, acquisition, financing, restructuring, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to applicable law and contractual protections
- With Consent or Direction: We may share information when you or the applicable provider customer directs us to do so or gives appropriate consent
- We do not sell PHI. We do not sell mobile phone numbers or SMS consent data. We do not share patient PHI with advertisers
9. SMS and Text Messaging
This section explains how Clerie collects, uses, and protects mobile phone numbers and SMS/text messaging consent data.
- When you provide your mobile phone number and consent to receive text messages, we may collect your mobile phone number, opt-in consent, consent language, date and time of consent, source or method of consent, messaging preferences, delivery records, opt-out records, and STOP, START, HELP, or other messaging responses
- We use mobile phone numbers to send messages you have consented to receive, including transactional messages such as appointment reminders, confirmations, scheduling updates, care-related follow-ups, account or support messages, and operational updates
- Transactional messages and promotional messages are treated as separate consent categories. Promotional text messages are sent only to individuals who have separately and explicitly opted in to marketing communications
- Mobile phone numbers and SMS opt-in consent data will not be sold, rented, or shared with third parties or affiliates for their marketing purposes
- We may share mobile phone numbers and SMS consent data with service providers or subcontractors, such as SMS delivery platforms and messaging infrastructure providers, only as needed to operate and deliver our messaging program. These providers process mobile information on our behalf under confidentiality and security obligations and may not use it for their own marketing or commercial purposes
- You may opt out of SMS messages at any time by replying STOP to any Clerie text message, updating your preferences where available in your account, or contacting support@clerie.ai
- After you opt out, we may send a single confirmation message. You will not receive further marketing text messages unless you opt in again. Transactional or care-related messages may continue only where permitted by law, supported by separate consent, or required by the applicable provider or account relationship
- If you previously opted out, you may re-subscribe by texting START where supported or by completing a new opt-in process
- Message and data rates may apply. Message frequency varies depending on your account activity, appointment schedule, communication preferences, and the messaging programs you join. Carriers are not liable for delayed or undelivered messages
- Clerie's SMS program is intended for individuals 18 years of age or older. By providing your mobile phone number and consenting to SMS communications, you confirm that you are at least 18 years old or have appropriate authorization
- We retain SMS consent and opt-out records for a minimum of four years for compliance, audit, and legal purposes. These records are stored securely and are subject to the safeguards described in this Privacy Policy
10. Google Calendar and Google API Services
If you connect Google Calendar or other Google services to Clerie, we use Google user data only to provide and improve the specific integration functionality you enable.
- For Google Calendar, this may include displaying calendar events, syncing appointments, managing schedules, maintaining OAuth tokens, refresh tokens, and webhook subscriptions, and enabling calendar-related workflows inside Clerie
- Clerie's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements
- We do not use Google user data for advertising
- We do not sell Google user data
- We do not use Google Calendar data to train AI models
- We do not use Google user data for general platform improvement beyond the specific integration functionality
- Google Calendar events are fetched as needed for display and synchronization functionality and are not used for unrelated purposes
- We transfer Google user data only as necessary to provide user-facing integration functionality, protect the security of our services, comply with law, or as otherwise allowed by Google's Limited Use requirements
11. Google User Data Retention and Deletion
We implement specific retention and deletion practices for Google user data.
- Google Calendar integration data, including OAuth tokens, refresh tokens, and webhook subscriptions, is deleted when a user disconnects the Google Calendar integration
- When a user deletes an account, Google Calendar integration data is permanently removed from our systems within a reasonable period, generally within 30 days unless a longer period is required by law, security, backup, or legitimate business needs
- Users may request deletion of Google Calendar integration data through platform settings or by contacting privacy@clerie.ai
12. Cookies and Tracking Technologies
We use cookies, pixels, local storage, and similar technologies for limited operational, analytics, security, and marketing-attribution purposes.
- We use these technologies to maintain session state and authentication, remember preferences and settings, secure the website and platform, analyze website traffic and product usage, improve performance and user experience, support marketing attribution for our own services, and detect fraud, abuse, or security issues
- We do not use cookies or tracking technologies to serve third-party advertising based on patient PHI
- We do not intentionally place third-party advertising pixels or cross-site advertising trackers on authenticated EHR, portal, intake, invoice, or care-delivery pages where PHI is displayed
- Analytics tools used in authenticated product areas, if any, are configured for product performance, reliability, security, and usage measurement rather than advertising or third-party marketing
- You can control cookies through your browser settings. Disabling certain cookies may affect website or platform functionality
13. Data Security
Clerie uses administrative, technical, and physical safeguards designed to protect information, including PHI, personal information, mobile phone numbers, and SMS consent records.
- Safeguards may include encryption in transit and at rest, role-based access controls, authentication and access management, audit logging and monitoring, least-privilege access practices, secure backups, network and infrastructure safeguards, vendor and subprocessor review, workforce training, incident response procedures, security reviews, vulnerability management, and physical safeguards provided by secure data center and cloud infrastructure providers
- No system can be guaranteed to be completely secure. If you believe your information or account may have been compromised, contact security@clerie.ai immediately
14. Breach and Incident Notification
Clerie maintains incident response procedures designed to identify, investigate, mitigate, and respond to security incidents.
- If Clerie discovers a breach of unsecured PHI or another incident requiring notification, Clerie will notify affected provider customers, individuals, regulators, or other parties as required by applicable law, Business Associate Agreements, and customer agreements
- When Clerie acts as a Business Associate, we will notify the affected covered-entity customer without unreasonable delay and provide information reasonably needed for the customer to meet its own investigation, mitigation, and notification obligations, subject to the applicable Business Associate Agreement and law
15. Minimum Necessary and Access Controls
Where HIPAA's minimum necessary standard applies, Clerie is designed to support reasonable limits on access, use, and disclosure of PHI based on role, purpose, and customer configuration.
- Provider customers are responsible for configuring user access, permissions, workflows, and account settings appropriate for their organization and legal obligations
16. Data Retention, Export, and Deletion
We retain information for as long as necessary to provide services, comply with legal and contractual obligations, resolve disputes, maintain security, enforce agreements, and support legitimate business purposes.
- PHI and clinical records are retained in accordance with provider customer instructions, customer agreements, Business Associate Agreements, and applicable federal and state healthcare record retention requirements
- Provider customers may request export, return, deletion, or termination handling of customer data as described in their customer agreement, Business Associate Agreement, and applicable law
- Patients should contact their healthcare provider to request access, amendment, transfer, deletion, or other handling of medical records maintained by that provider in Clerie
- Account data is retained while an account is active and for a reasonable period thereafter
- SMS consent and opt-out records are retained for a minimum of four years for compliance, audit, and legal purposes
- Google Calendar integration data is retained only as needed to provide the integration and is deleted as described in Section 11
- Website, sales, and marketing data is retained as needed for business, legal, and compliance purposes, unless deletion is requested and required by applicable law
- Backup copies may persist for a limited period before being overwritten or deleted according to our backup lifecycle
17. Your Rights and Choices
Depending on your relationship with Clerie and applicable law, you may have rights to access, correct, delete, restrict, or receive a copy of certain personal information.
- If you are a patient whose information is maintained in Clerie by a healthcare provider, please contact your healthcare provider to exercise HIPAA rights such as access, amendment, restrictions, accounting of disclosures, or complaints regarding your medical record. Clerie will assist provider customers as required by applicable Business Associate Agreements and law
- If you are a provider, account user, website visitor, or sales prospect, you may contact privacy@clerie.ai to request access, correction, deletion, or opt-out of certain uses of your personal information
- You may opt out of marketing emails by using the unsubscribe link or contacting us
- You may opt out of SMS messages by replying STOP
- You may request deletion of mobile phone number and SMS consent records by contacting privacy@clerie.ai, subject to legal, compliance, and audit retention requirements
18. U.S. State Privacy Rights
Residents of certain U.S. states may have additional privacy rights under applicable state privacy laws.
- Depending on your state and the nature of the information, these rights may include the right to access, correct, delete, or receive a portable copy of personal information, and the right to opt out of certain processing such as sale, sharing, targeted advertising, or profiling with legal or similarly significant effects
- Clerie does not sell PHI or mobile phone numbers. Clerie does not share patient PHI for cross-context behavioral advertising or third-party marketing
- If Clerie processes your information on behalf of a provider customer, we may refer your request to that provider or assist the provider in responding as required by law and contract
- You may submit privacy requests by contacting privacy@clerie.ai. We may need to verify your identity or authority before fulfilling a request
- We will not discriminate against you for exercising applicable privacy rights
19. Children's Privacy
Clerie's website, platform, and SMS programs are not directed to children under 13, and our SMS program is intended for individuals 18 or older.
- Because Clerie is used by healthcare providers, patient records may include information about minors when entered or managed by a provider customer. In those cases, Clerie processes the information on behalf of the provider customer under applicable agreements and law
- If you believe information has been submitted to Clerie improperly, contact privacy@clerie.ai
20. Sensitive Health Information
Clerie may process sensitive health information on behalf of provider customers, including behavioral health information, mental health records, substance use-related information, reproductive health-related information, or other categories subject to special legal protections.
- Provider customers are responsible for determining which laws apply to their practice and configuring their use of Clerie accordingly
- Clerie supports privacy and security safeguards for sensitive information as required by applicable agreements and law
21. International Users
Clerie is operated from the United States and is primarily intended for use by U.S.-based healthcare providers and organizations.
- If you access Clerie from outside the United States, your information may be processed in the United States or other jurisdictions where our service providers operate
22. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, or business practices.
- When we make material changes, we may notify users by updating the Last Updated date, posting notice on our website, sending an email, or providing an in-platform notice
- Your continued use of Clerie after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy
23. Contact Information
For privacy-related questions, requests, or concerns, contact us at:
- Privacy Officer: privacy@clerie.ai
- Security Team: security@clerie.ai
- General and SMS Support: support@clerie.ai
- Website: ehr.clerie.ai/privacy-policy
- Mailing Address: TYNACO LLC dba Clerie, 1555 Freedom Blvd 200 W, Provo, UT 84604, USA