Privacy Policy
Effective Date: February 20, 2026
1. Introduction
ClariMe Health LLC ("we," "our," or "ClariMe") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the ClariMe mobile application and related services (collectively, the "Service").
ClariMe is a patient-focused application that allows you to record doctor visits, receive AI-generated summaries of your appointments, and share visit information with family members and caregivers through Care Groups.
ClariMe Health LLC is not a healthcare provider, health plan, or healthcare clearinghouse, and therefore is not a "covered entity" as defined under the Health Insurance Portability and Accountability Act ("HIPAA"). However, we voluntarily adopt security and privacy safeguards designed to be consistent with many HIPAA Security Rule concepts, and we enter into Business Associate Agreements ("BAAs") with our service providers, because we believe your health information deserves robust protection regardless of whether specific regulations legally require it of us.
1.1 Data Minimization
We collect only the information reasonably necessary to provide, maintain, and improve the Service. We do not collect data beyond what is required for the purposes described in this Privacy Policy.
By using ClariMe, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service. For questions, contact us at privacy@clarime.health.
2. Information We Collect
2.1 Information You Provide
- Phone Number: Used as your unique account identifier and for authentication via SMS verification codes.
- Name: Your first name, used to personalize your experience within the app.
- Audio Recordings: With your healthcare provider's consent, you may record audio of your medical appointments using the app.
- Provider Information: Names, specialties, and practice locations of healthcare providers you visit, as entered by you.
- Care Group Information: Names and phone numbers of family members or caregivers you invite to your Care Groups.
- Feedback and Communications: Any feedback, suggestions, comments, or correspondence you voluntarily send to us.
2.2 Information We Generate
- Visit Summaries: AI-generated summaries of your recorded appointments, including key discussion points, medications mentioned, follow-up instructions, and suggested questions for future visits. Summaries are not part of your healthcare provider's designated record set and are not official medical records.
- Transcriptions: Text transcriptions of your audio recordings, generated using medical speech recognition technology. Transcriptions are used solely as an intermediate processing step to generate your visit summaries and are not displayed to you within the app.
2.3 Information Collected Automatically
- Device Information: Device type, operating system, and browser type for app functionality and troubleshooting.
- Usage Data: How you interact with the app (features used, screens visited) to improve the Service.
- Approximate Location: If you grant location permission, the app may use your approximate location to suggest your provider's practice location during the post-recording flow. Location data is not stored on our servers and is used solely for this in-app convenience feature. You may revoke location permission at any time through your device settings.
- Authentication Data: Login timestamps, session information, and security events for account protection.
- Crash and Performance Data: Anonymous crash reports and performance metrics to identify and fix issues with the Service. This data does not contain health information or personally identifiable information.
2.4 Biometric Authentication Data
ClariMe offers optional biometric authentication (Face ID, Touch ID, or fingerprint) as a convenience feature. When you enable biometric sign-in, your biometric data is processed entirely on your device by the operating system. ClariMe does not collect, receive, store, transmit, or have access to your biometric data (such as facial geometry or fingerprint patterns) at any time. We store only a local flag on your device indicating that you have enabled biometric authentication. No biometric identifiers or biometric information, as defined under the Illinois Biometric Information Privacy Act or similar state laws, are collected or processed by ClariMe.
3. How We Use Your Information
We use your information for the following purposes:
- Core Service Delivery: Recording your visits, generating AI summaries, and enabling Care Group sharing.
- Authentication and Security: Verifying your identity, securing your account, and detecting and preventing fraud or unauthorized access.
- Service Improvement: Analyzing usage patterns and performance data to improve app functionality, summary quality, and user experience.
- Communication: Sending Care Group notifications, authentication codes, and essential service updates via SMS.
- Legal Compliance: Meeting our obligations under applicable laws and regulations.
- Safety and Integrity: Protecting the security and integrity of the Service and our users.
We do not sell your personal information or health data. We do not use your health information for advertising, marketing to third parties, or any purpose unrelated to providing and improving the Service.
3.1 Legal Basis for Processing
We process your information based on the following legal grounds, as applicable:
- Consent: You provide consent when you create an account, enable optional features (such as biometric authentication or location services), and direct sharing through Care Groups.
- Performance of a Contract: Processing is necessary to provide the Service to you under our Terms of Service.
- Compliance with Legal Obligations: We may process data where necessary to comply with applicable laws, regulations, or legal proceedings.
- Legitimate Interests: We may process data for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided such interests are not overridden by your rights and interests.
3.2 De-Identified and Aggregated Data
We may create de-identified or aggregated data from information collected through the Service. De-identification is performed using methods designed to ensure the data cannot reasonably be used to identify any individual. We will maintain de-identified data in de-identified form and will not attempt to re-identify it, except as permitted by law (for example, to validate the effectiveness of our de-identification process). De-identified and aggregated data may be used for research, analytics, service improvement, and other lawful purposes, and is not subject to the individual-specific restrictions of this Privacy Policy.
4. How We Share Your Information
4.1 At Your Direction
- Care Groups: When you add family members or caregivers to a Care Group, they can view your visit summaries. You control who is in each Care Group and can remove members at any time. By adding members and sharing summaries, you are instructing ClariMe to disclose your health information to those recipients.
- SMS Sharing: Care Group members who do not use the app may receive visit summary information via SMS at your direction. By initiating SMS sharing, you acknowledge that SMS messages may not be encrypted end-to-end and that you are directing the transmission of your health information through this channel.
4.2 Service Providers
We work with trusted service providers who process data on our behalf. All service providers who handle health information are required to execute BAAs or equivalent data protection agreements before receiving access to such data. Our service providers fall into the following categories:
- Cloud Infrastructure and Storage: Encrypted data hosting and storage services.
- Speech Recognition and AI Processing: Medical transcription and AI-powered summary generation.
- Authentication Services: User identity verification and account security.
- Communications: SMS delivery for authentication codes and Care Group notifications.
- Analytics: We may use third-party analytics providers who process usage data on our behalf under contractual confidentiality and data protection obligations. Analytics providers receive only de-identified or aggregated data and do not have access to your health information.
Our current primary infrastructure provider is Amazon Web Services (AWS), which provides cloud hosting, encrypted data storage, medical transcription (AWS Transcribe Medical), AI processing (AWS Bedrock), user authentication (AWS Cognito), and SMS delivery (AWS SNS). All AWS services operate under a single AWS BAA.
We may engage additional service providers from time to time. Any provider handling health information will be required to enter into a BAA or equivalent agreement before receiving access to such data. We do not share your data with any service providers who have not executed appropriate data protection agreements.
4.3 Data Processing Locations
Your information may be stored and processed in the United States. If we engage service providers who process data in other jurisdictions, we will ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.
4.4 Legal Requirements
We may disclose your information if required to do so by law, court order, subpoena, or government regulation, or if we believe in good faith that disclosure is reasonably necessary to: (a) comply with a legal obligation; (b) protect the rights, property, or safety of ClariMe, our users, or the public; (c) detect, prevent, or address fraud, security issues, or technical problems; or (d) enforce our Terms of Service.
4.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via SMS or in-app notice before your information becomes subject to a different privacy policy.
5. Data Security
We implement comprehensive technical, administrative, and physical safeguards designed to be consistent with many HIPAA Security Rule concepts:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: All stored data, including audio recordings, transcriptions, and visit summaries, is encrypted using AES-256 encryption.
- Access Controls: Strict role-based access controls ensure that only you (and those you authorize through Care Groups) can access your health information.
- Authentication: Phone-based verification with SMS one-time passcodes, with optional biometric authentication for enhanced convenience and security.
- Audit Logging: We maintain logs of access to health information for security monitoring and compliance purposes.
- Risk Assessments: We conduct periodic risk assessments of our information security practices to identify and address potential vulnerabilities.
While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with Section 6 below.
6. Data Breach Notification
6.1 Definition
For purposes of this Privacy Policy, a "security incident" means a confirmed unauthorized acquisition of, or access to, unencrypted personal information or protected health information that compromises the security, confidentiality, or integrity of such information.
6.2 Notification
In the event of a security incident involving your information, we will notify affected individuals without unreasonable delay and in no event later than sixty (60) days following discovery of the incident, or sooner where required by applicable state or federal law. Notification will be provided via SMS to your registered phone number and, where available, via email or in-app notification. We will also notify relevant regulatory authorities as required by applicable federal and state breach notification laws, including the Louisiana Database Security Breach Notification Law (La. R.S. 51:3071 et seq.).
If you believe your ClariMe account or data has been compromised, please contact us immediately at security@clarime.health or support@clarime.health.
7. Data Retention
- Audio Recordings: Retained for up to thirty (30) days after processing to ensure summary accuracy, then permanently deleted from active systems.
- Transcriptions: Retained for up to thirty (30) days after summary generation, then permanently deleted from active systems. Transcriptions are intermediate processing artifacts and are not accessible to you within the app.
- Visit Summaries: Retained for as long as your account is active, or until you request deletion.
- Account Information: Retained for as long as your account is active. Upon account deletion, personal information is removed within thirty (30) days, subject to legal retention requirements.
- Audit Logs: Retained for six (6) years in accordance with HIPAA-aligned record retention practices.
Please note that deletion from active systems may not immediately remove residual copies from encrypted backups, which are securely maintained and overwritten on a rolling basis. We may also retain certain information as required by applicable law, regulation, or legal hold obligations. All retained data continues to be protected by the security measures described in this Privacy Policy.
8. Your Rights
You have the following rights regarding your information:
- Access: You can access your visit summaries and account information through the app at any time. If you wish to request access to other data we maintain about you (such as raw transcriptions during the retention period), you may submit a written request to privacy@clarime.health.
- Correction: You may request correction of inaccurate personal information by contacting us.
- Deletion: You may request deletion of your account and associated data. We will comply within thirty (30) days, subject to legal retention requirements and the backup deletion timeline described in Section 7.
- Data Portability: You may request a copy of your visit summaries in a commonly used, machine-readable format.
- Restrict Sharing: You control Care Group membership and can remove members or delete groups at any time.
- Withdraw Consent: You may withdraw your consent to specific data uses at any time, though this may affect the functionality of the Service available to you.
To exercise any of these rights, contact us at privacy@clarime.health or support@clarime.health. We will acknowledge receipt of your request within ten (10) business days and fulfill it within thirty (30) days.
8.1 Appeals
If we decline a request to exercise any of your rights, we will provide a written explanation of the basis for the denial. You may appeal our decision by contacting privacy@clarime.health with the subject line "Privacy Rights Appeal." We will respond to appeals within thirty (30) days. If your appeal is denied and you are a resident of a state with an applicable privacy law that provides for further appeal, we will provide you with information on how to contact the appropriate state authority.
9. SMS Communications
By providing your phone number and using the Service, you consent to receive SMS messages from ClariMe, including:
- Authentication codes for account verification and sign-in (required to use the Service).
- Care Group notifications when visit summaries are shared with your group members.
- Essential service communications such as security alerts, breach notifications, or material changes to the Service.
We will not send marketing or promotional SMS messages. Message frequency varies based on your use of the Service. Message and data rates may apply depending on your mobile carrier plan.
Opt-Out: You may reply STOP to any non-essential SMS message to opt out of non-essential communications. Reply HELP for assistance. Please note that authentication and security messages are required for the Service to function; opting out of these messages will prevent you from using ClariMe. To fully stop all messages, you must delete your account by contacting support@clarime.health.
SMS Opt-In Data: Your SMS opt-in data and consent will not be shared with or sold to any third parties or affiliates for their marketing purposes. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
SMS Security: You acknowledge that SMS is not a fully secure method of communication and that messages may be intercepted or accessed by unauthorized third parties. ClariMe is not responsible for unauthorized access to information resulting from SMS transmission that you have directed, including Care Group sharing via SMS. If you have concerns about SMS security, you may choose to share visit summaries only through the ClariMe app.
10. Our Commitment to Health Data Protection
Although ClariMe Health LLC is not a covered entity under HIPAA, we voluntarily adopt the following practices because we believe they represent the appropriate standard of care for health information:
- We maintain BAAs with all third-party service providers who handle health information.
- We implement administrative, physical, and technical safeguards designed to be consistent with many HIPAA Security Rule concepts.
- We maintain policies and procedures for breach notification consistent with the HIPAA Breach Notification Rule.
- We apply the minimum necessary standard when using or disclosing health information internally.
- We conduct periodic risk assessments of our information security practices.
Important: ClariMe is a tool for patients to manage their own health information. When you choose to share your visit summaries with Care Group members, you are directing the disclosure of your own health information. ClariMe facilitates this sharing at your direction but does not independently decide to share your information with third parties.
11. Children's Privacy
ClariMe is not directed to and is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. In compliance with the Children's Online Privacy Protection Act ("COPPA") and similar state laws, if we learn that we have inadvertently collected personal information from a child under 13, we will delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately at privacy@clarime.health.
12. Online Tracking and Cookies
The ClariMe mobile application does not use cookies. If you access ClariMe through a web browser, we may use limited, essential cookies or similar technologies for authentication and session management. We do not use tracking cookies, advertising cookies, or cross-site tracking technologies.
ClariMe does not currently respond to "Do Not Track" browser signals. Because we do not engage in cross-site tracking or targeted advertising, this setting does not materially affect how we handle your data.
13. State-Specific Disclosures
Louisiana: ClariMe Health LLC is organized under the laws of Louisiana. We comply with the Louisiana Database Security Breach Notification Law (La. R.S. 51:3071 et seq.) and all applicable state data protection requirements.
California: If you are a California resident, you may have additional rights under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"), including the right to know what personal information we collect, the right to delete your information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise your California privacy rights, contact us at privacy@clarime.health. We will not discriminate against you for exercising your rights.
Illinois, Texas, and Washington: If you reside in a state with biometric privacy laws, please note that ClariMe does not collect, store, or process biometric identifiers or biometric information. Biometric authentication is handled entirely by your device's operating system. See Section 2.4 for details.
Other U.S. States: Additional state privacy laws (such as the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and similar legislation) may provide you with additional rights regarding your personal information. We are committed to honoring the spirit of these laws. If you believe you have rights under your state's privacy law that are not addressed above, please contact us at privacy@clarime.health and we will work to accommodate your request.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by: (a) posting the updated policy within the app; (b) updating the effective date; and (c) sending an SMS notification to your registered phone number for significant changes that affect how we collect, use, or share your health information. Where you have provided an email address, we will also send notification via email.
Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.
15. Contact Information
If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
ClariMe Health LLC
Privacy inquiries: privacy@clarime.health
General support: support@clarime.health
Security incidents: security@clarime.health
Legal notices: legal@clarime.health