Legal

Consentivize Privacy Policy

Consentivize, Inc. (“Consentivize,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information from medical practices (“Practice,” “you,” or “your”) using the Consentivize platform (“Service”). This Policy is incorporated by reference into our Terms of Service and Business Associate Agreement (BAA).

1. Information We Collect

1.1 Protected Health Information (PHI)

  • PHI is any information about patients that identifies them or can be used to identify them.
  • PHI is collected, stored, and processed only as necessary to provide the Service.
  • All PHI is handled according to the attached BAA.

1.2 Practice Information

  • Practice name, address, contact info, billing info, and account credentials.
  • Usage data, login activity, and Service interactions.

1.3 Non-PHI Data

  • Technical information (browser type, OS, IP address, device type) collected automatically.
  • Cookies or similar technologies to improve Service performance, track usage, and support analytics.

2. How We Use Information

We use collected information to:

  • Provide and operate the Service, including digital consent workflows, e-signatures, patient education, and scheduling.
  • Authenticate accounts and prevent unauthorized access.
  • Maintain HIPAA compliance and security safeguards.
  • Process payments (via third-party processors like Stripe).
  • Improve and enhance the Service, including aggregated analytics and de-identified data.

3. How We Share Information

3.1 PHI

  • Shared only as permitted under the BAA or as required by law.
  • May involve subcontractors or agents (e.g., cloud hosting providers, payment processors) who have signed BAAs or equivalent agreements.

3.2 Non-PHI / De-Identified Data

We may use or share de-identified data, analytics, and aggregate statistics for product development, research, or other lawful purposes.

3.3 Legal Compliance

May disclose information if required by law, subpoena, court order, or governmental authority.

4. Data Security

  • Administrative, technical, and physical safeguards are in place to protect PHI and other data.
  • Regular monitoring and encryption of data in transit and at rest.
  • Practices are responsible for securing their own accounts and devices.

5. Data Retention & Deletion

  • PHI is retained only as necessary to provide the Service or as required by law.
  • Consentivize automatically purges all patient records older than 90 days, except where longer retention is required by law or requested by the Practice.
  • Upon account termination, Practices may export data for 30 days. After that, remaining PHI is permanently deleted in accordance with the BAA.

6. Cookies & Tracking

  • We use cookies, web beacons, and analytics tools to improve Service performance, understand usage, and for operational purposes.
  • Analytics cookies may be used to measure Service usage; no PHI is included in analytics data.
  • No cookies are used to track patients or identify individuals outside of the Service.

7. Third-Party Services

  • Third-party services (e.g., Stripe for payments, cloud hosting providers) may have their own privacy practices.
  • All PHI handled by third parties is governed by BAAs or equivalent agreements.

8. Your Rights & Responsibilities

  • Practices must obtain all necessary patient consents for electronic communications, e-signatures, and PHI collection.
  • Practices may request access to their account data, corrections, or export. Requests should be sent to support@consentivize.com and will be fulfilled within 30 days.
  • Practices are responsible for securing their own accounts and controlling user access.

9. International Data Transfers

  • Any data transferred outside the U.S. will comply with applicable laws, including GDPR where relevant.
  • Practices operating outside the U.S. may be required to execute a Data Processing Addendum (DPA).

10. Updates to This Privacy Policy

  • We may update this Privacy Policy with 30 days’ notice. Material changes will be communicated via email to the Practice’s admin account.
  • Continued use of the Service after updates constitutes acceptance of the updated Policy.

11. Contact Us

Consentivize, Inc.

Centrael Evans, Founder & CEO

Email: support@consentivize.com

© 2026 Consentivize. All rights reserved.