Notice of Privacy Practices
Effective date: May 2026. This notice describes how ClinMatch Health collects, uses, and protects your health-related information.
What information we collect
ClinMatch collects information you provide when creating an account and booking an appointment: name, email address, phone number, reason for visit, and any notes you include in your booking request. We do not store full medical records, diagnoses, treatment plans, lab results, or insurance plan details.
How we use your information
We use your information to:
- Match you with and connect you to healthcare providers
- Send booking confirmations, reminders, and status updates via email or SMS
- Allow providers to review your booking request and reason for visit
- Process support requests and resolve disputes
- Detect and prevent fraud and abuse
- Comply with applicable law
We do not sell your personal information to third parties. We do not use your health information for targeted advertising.
Who we share information with
We share your booking information with the healthcare provider you select so they can prepare for your visit. We use third-party services to operate the platform — including Supabase (database), Resend (email), Twilio (SMS), and Stripe (payments). These vendors are bound by data processing agreements and are not permitted to use your data for their own purposes.
We may disclose information if required by law or court order, or to protect the safety of users or the public.
Your rights
You have the right to:
- Access a copy of the information ClinMatch holds about you
- Correct inaccurate personal information
- Request deletion of your account and associated data
- Opt out of SMS notifications at any time by replying STOP
- File a complaint with us or with the relevant data protection authority
To exercise any of these rights, contact us at support@clinmatchhealth.com.
Data retention
We retain booking records for up to 7 years to support medical coordination, dispute resolution, and legal compliance. Account data is deleted within 30 days of an account deletion request. Backups may retain data for up to 90 additional days.
Security
ClinMatch uses industry-standard safeguards including TLS encryption in transit, encrypted storage at rest, and role-based access controls. Only authorized personnel can access personal data, and only to the extent necessary to provide the service.
Business Associate Agreements
If ClinMatch acts as a business associate to a HIPAA-covered healthcare provider, a Business Associate Agreement will be executed before any protected health information is shared. Covered providers should contact admin@clinmatchhealth.com to initiate a BAA.
Contact
For privacy questions or data requests, or to report a concern, contact support@clinmatchhealth.com or use our support page.