Privacy

Privacy, in plain language.

applaud was built inside healthcare, where privacy isn't a setting — it's the foundation. This page is a plain-English summary. The full legal Privacy Policy is available on request and is incorporated into every Customer Agreement and BAA.

Who this applies to

This Privacy summary applies to:

  • Customers — the practices, clinics, and groups that use applaud to generate reviews.
  • Patients — the people our Customers care for, whose visit and contact information we process on the Customer's behalf.
  • Visitors — anyone who browses applaud.you.

When we act for a Customer, we are a HIPAA Business Associate. A signed BAA governs that relationship.

What we collect

From Customers: account credentials, billing details, the EHR or practice-management identifier used to sync visits.

From Patients, via the Customer's EHR: only the minimum necessary to make outreach work — name, phone, email, visit date, and provider. We do not pull diagnoses, notes, prescriptions, or any clinical data. Ever.

From Visitors: standard web analytics (page, referrer, country-level IP). No tracking pixels from ad networks.

How we use it

  • To run review outreach on the Customer's behalf via SMS, email, and outreach specialists from our network.
  • To produce the funnel reports, alerts, and recurring calls the Customer has chosen.
  • To meet our compliance obligations (audit logs, opt-out lists, consent records).
  • To improve our outreach AI and scripts. Patient-level data is never used to train models without explicit Customer authorization, and never sold to third parties — full stop.

Who sees the data

The data lives inside our environment and the subprocessors required to run the service (hosting, telephony, email delivery). Each subprocessor is bound by a HIPAA-compliant BAA where applicable. A current subprocessor list is available on request.

We do not sell patient data. We do not share it for advertising. We do not provide it to third parties except under court order, where we will give the Customer notice unless legally prohibited.

SMS and text messaging

If you provide your phone number and opt in to SMS on our website (e.g. the free audit form or booking page), we may send you text messages related to the service you requested — including audit status updates, appointment reminders, and a limited number of follow-up messages.

  • Message frequency: varies; typically 1–4 messages per interaction.
  • Opt-out: reply STOP to any message at any time. We honor opt-outs instantly.
  • Help: reply HELP for support, or email [email protected].
  • Message and data rates may apply depending on your carrier and plan.
  • Consent to receive SMS is not a condition of purchasing any service from applaud.

We do not sell, rent, or share your phone number or SMS opt-in data with third parties for their marketing purposes.

Patient and customer rights

Patients can request deletion or correction of their information at any time by emailing [email protected]. We acknowledge within 5 business days and complete the request within 30 days. SMS opt-outs are honored instantly across channels.

Customers can export their data, terminate the service, and request deletion of all associated records under their Customer Agreement.

Security

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Access on a least-privilege basis. No production engineer has standing access to patient data.
  • We maintain audit logs of patient-data access and retain them for the duration of the Customer Agreement.
  • HIPAA-aligned operational controls.

Retention

Patient outreach records are kept for the duration of the Customer Agreement plus the period required by HIPAA and applicable state law (typically six to seven years), then deleted from primary systems and backup tiers on a documented schedule.

Changes to this summary

If we make material changes, we'll email Customers and update the “effective” date at the top of this page. The full legal Privacy Policy supersedes this summary in any conflict.