CA
Chiro Adjust

Privacy Policy

Last updated: January 1, 2025

1. Introduction

Chiro Adjust ("Company," "we," "us," or "our") is committed to protecting your privacy and the security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at chiroadjust.com, use our mobile applications, or interact with our services (collectively, the "Platform").

2. Information We Collect

Personal Information

  • Name, email address, phone number, and mailing address
  • Date of birth and gender
  • Account credentials (encrypted)
  • Payment information (processed securely via Stripe; we do not store full card numbers)

Protected Health Information (PHI)

  • Medical history and health conditions
  • Appointment records and SOAP notes
  • Treatment plans and clinical assessments
  • Insurance and billing information
  • Emergency contact information

Automatically Collected Information

  • Device type, operating system, and browser information
  • IP address and approximate location
  • Pages visited, features used, and interaction patterns
  • Referral sources and search terms

3. How We Use Your Information

We use the information we collect to:

  • Facilitate appointment booking and provider matching
  • Process payments and generate superbills for insurance reimbursement
  • Enable communication between patients and providers
  • Maintain and improve the Platform's functionality and security
  • Send appointment reminders, confirmations, and service updates
  • Comply with legal and regulatory requirements, including HIPAA
  • Analyze usage patterns to improve our services (using de-identified data only)

4. HIPAA Compliance

As a healthcare technology platform, Chiro Adjust is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA). We implement the following safeguards:

  • Encryption at rest: All protected health information is encrypted using industry-standard Fernet symmetric encryption
  • Encryption in transit: All data transmitted between your device and our servers is encrypted via TLS/SSL
  • Access controls: Strict role-based access ensures only authorized personnel can access PHI
  • Audit logging: All access to PHI is logged and monitored for security compliance
  • Minimum necessary: We limit PHI access to the minimum necessary for the intended purpose
  • Business Associate Agreements: We maintain BAAs with all third-party service providers who may access PHI

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With providers: To facilitate your chiropractic care appointments
  • Payment processors: Stripe processes payments on our behalf under strict data security standards (PCI DSS Level 1)
  • Service providers: Trusted third parties who assist with email delivery, hosting, and analytics, all bound by confidentiality obligations
  • Legal requirements: When required by law, regulation, legal process, or governmental request
  • Safety: To protect the rights, property, or safety of Chiro Adjust, our users, or the public

6. Data Security

We implement robust technical and organizational measures to protect your information, including encrypted database storage, secure server infrastructure, regular security assessments, and strict employee access controls. While no system is 100% secure, we continuously monitor and improve our security practices to safeguard your data.

7. Cookies & Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze Platform usage and performance
  • Prevent fraud and enhance security

You can control cookies through your browser settings. Note that disabling cookies may affect Platform functionality.

8. Your Rights

You have the right to:

  • Access the personal and health information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and personal data (subject to legal retention requirements)
  • Receive a copy of your health records in a portable format
  • Opt out of non-essential marketing communications
  • File a complaint with the U.S. Department of Health and Human Services if you believe your HIPAA rights have been violated

To exercise any of these rights, contact us at contact@chiroadjust.com.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13 without parental consent, we will delete that information promptly.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Health records are retained in accordance with applicable state and federal healthcare record retention laws, which may require retention for a minimum of seven (7) years after the last date of service. We will securely delete or de-identify your information when it is no longer required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. For significant changes affecting how we handle PHI, we will provide additional notice via email. Your continued use of the Platform after any changes constitutes your acceptance of the revised policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at contact@chiroadjust.com.