Who this applies to
This Privacy summary applies to:
- Customers — the practices, clinics, and groups that use applaud to generate reviews.
- Patients — the people our Customers care for, whose visit and contact information we process on the Customer's behalf.
- Visitors — anyone who browses applaud.you.
When we act for a Customer, we are a HIPAA Business Associate. A signed BAA governs that relationship.
What we collect
From Customers: account credentials, billing details, the EHR or practice-management identifier used to sync visits.
From Patients, via the Customer's EHR: only the minimum necessary to make outreach work — name, phone, email, visit date, and provider. We do not pull diagnoses, notes, prescriptions, or any clinical data. Ever.
From Visitors: standard web analytics (page, referrer, country-level IP). No tracking pixels from ad networks.
How we use it
- To run review outreach on the Customer's behalf via SMS, email, and outreach specialists from our network.
- To produce the funnel reports, alerts, and recurring calls the Customer has chosen.
- To meet our compliance obligations (audit logs, opt-out lists, consent records).
- To improve our outreach AI and scripts. Patient-level data is never used to train models without explicit Customer authorization, and never sold to third parties — full stop.
SMS and text messaging
If you provide your phone number and opt in to SMS on our website (e.g. the free audit form or booking page), we may send you text messages related to the service you requested — including audit status updates, appointment reminders, and a limited number of follow-up messages.
- Message frequency: varies; typically 1–4 messages per interaction.
- Opt-out: reply STOP to any message at any time. We honor opt-outs instantly.
- Help: reply HELP for support, or email [email protected].
- Message and data rates may apply depending on your carrier and plan.
- Consent to receive SMS is not a condition of purchasing any service from applaud.
We do not sell, rent, or share your phone number or SMS opt-in data with third parties for their marketing purposes.
Patient and customer rights
Patients can request deletion or correction of their information at any time by emailing [email protected]. We acknowledge within 5 business days and complete the request within 30 days. SMS opt-outs are honored instantly across channels.
Customers can export their data, terminate the service, and request deletion of all associated records under their Customer Agreement.
Security
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Access on a least-privilege basis. No production engineer has standing access to patient data.
- We maintain audit logs of patient-data access and retain them for the duration of the Customer Agreement.
- HIPAA-aligned operational controls.
Retention
Patient outreach records are kept for the duration of the Customer Agreement plus the period required by HIPAA and applicable state law (typically six to seven years), then deleted from primary systems and backup tiers on a documented schedule.
Changes to this summary
If we make material changes, we'll email Customers and update the “effective” date at the top of this page. The full legal Privacy Policy supersedes this summary in any conflict.
Questions? [email protected]