KLIQ Privacy Policy
1. Scope: non-PHI vs PHI
This Privacy Policy explains how KLIQ collects, uses, and shares information when you use our website and related services (collectively, the "Services").
Important distinction:
- Website / general data (non-PHI): Information collected when you browse our website or contact us directly.
- PHI (HIPAA-regulated): If KLIQ handles Protected Health Information (PHI) on behalf of a clinic, physician practice, or surgery center (the "Clinic"), our handling of PHI is governed by the Clinic's Business Associate Agreement (BAA) with KLIQ and HIPAA requirements. The Clinic (Covered Entity) controls its HIPAA Notice of Privacy Practices and patient rights process.
2. Information we collect
Depending on how the Services are configured, we may collect:
A. Information you provide
- screening/chat responses and other portal submissions
- appointment coordination information
- communications you send to us (support requests)
B. Information collected automatically
- device/browser information
- IP address and approximate location (city/state)
- usage data (pages visited, timestamps)
- cookies and similar technologies
3. How we use information
We use information to:
- provide and operate the Services for you and the Clinic
- create summaries/scores/outputs for Clinic review (administrative coordination)
- secure the Services and prevent fraud/abuse
- troubleshoot, improve performance, and maintain quality
- comply with legal obligations
4. How we share information
We may share information:
- with the Clinic you are interacting with, so the Clinic can make decisions and follow up
- with service providers that help us operate the Services (hosting, security, support, analytics), under contracts
- for legal/safety reasons (e.g., to comply with law, enforce rights, prevent harm)
- in a corporate transaction (merger/acquisition/asset sale), with appropriate safeguards
We do not sell personal information.
5. Email and PHI
We do not send PHI via ordinary email. Emails from KLIQ generally contain administrative notices or links to the portal.
Unsolicited PHI received by email: If a patient, Clinic, or third party sends PHI to KLIQ via email (even if unintended), we will handle it in a way consistent with our obligations and security practices. This may include limiting use and disclosure, restricting access, retaining it only as needed, and directing the sender to use the portal or other secure method going forward.
Minimization in email replies: If we respond to an email that appears to contain PHI, we may respond without repeating the PHI and instead provide instructions for secure follow-up through the portal.
6. PHI and HIPAA (when applicable)
If KLIQ handles PHI for a Clinic:
- KLIQ's permitted uses and disclosures of PHI are governed by the BAA and HIPAA.
- KLIQ implements administrative, technical, and physical safeguards designed to protect PHI as required by HIPAA and the BAA.
- KLIQ may use PHI to provide the Services, support operations, meet contractual obligations, and comply with legal requirements.
Patient rights requests: Requests to access/amend records or obtain an accounting of disclosures are typically handled by the Clinic. If you contact KLIQ with a rights request, we may direct you to the Clinic or coordinate as permitted by the BAA.
7. Service provider categories
We use service providers to help us operate the Services. Depending on configuration, these may include providers for:
- cloud hosting and data storage
- security monitoring and fraud/abuse prevention
- customer support and communications tooling
- analytics and performance monitoring
- identity and access management (authentication)
- backups and disaster recovery
- legal, accounting, and professional services
We require service providers to be under appropriate contractual obligations, and where PHI is involved, we require additional safeguards consistent with HIPAA and our agreements with Clinics.
8. Cookies and analytics
We may use cookies and similar technologies for essential site functionality, security and fraud prevention, and measuring site usage and improving performance.
You can control cookies through browser settings, but disabling cookies may impact functionality.
9. Data retention
We retain information only as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention for PHI may be governed by the Clinic's requirements and the BAA.
10. Security
We use reasonable safeguards designed to protect information, such as access controls and encryption in transit. No method of transmission or storage is 100% secure.
11. Your choices and rights (non-HIPAA)
Depending on your location, you may have rights to request access, correction, or deletion of certain non-PHI information. To request this, contact privacy@kliqnow.com. We may need to verify your identity.
12. Children's privacy
The Services are not intended for children under 13 (or under 16 in certain regions) unless provided through a Clinic with appropriate consent.
13. International users
If you access the Services outside the U.S., your information may be processed in the U.S. or other locations where our service providers operate, consistent with this Policy and applicable law.
14. Changes to this Privacy Policy
We may update this Privacy Policy and will post changes with a revised effective date.
15. Contact
Email: privacy@kliqnow.com