Terms of Service

Privacy Policy

Effective Date: February 20, 2026

1. Introduction

ClariMe Health LLC ("we," "our," or "ClariMe") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the ClariMe mobile application and related services (collectively, the "Service").

ClariMe is a patient-focused application that allows you to record doctor visits, receive AI-generated summaries of your appointments, and share visit information with family members and caregivers through Care Groups.

ClariMe Health LLC is not a healthcare provider, health plan, or healthcare clearinghouse, and therefore is not a "covered entity" as defined under the Health Insurance Portability and Accountability Act ("HIPAA"). However, we voluntarily adopt security and privacy safeguards designed to be consistent with many HIPAA Security Rule concepts, and we enter into Business Associate Agreements ("BAAs") with our service providers, because we believe your health information deserves robust protection regardless of whether specific regulations legally require it of us.

1.1 Data Minimization

We collect only the information reasonably necessary to provide, maintain, and improve the Service. We do not collect data beyond what is required for the purposes described in this Privacy Policy.

By using ClariMe, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service. For questions, contact us at privacy@clarime.health.

2. Information We Collect

2.1 Information You Provide

2.2 Information We Generate

2.3 Information Collected Automatically

2.4 Biometric Authentication Data

ClariMe offers optional biometric authentication (Face ID, Touch ID, or fingerprint) as a convenience feature. When you enable biometric sign-in, your biometric data is processed entirely on your device by the operating system. ClariMe does not collect, receive, store, transmit, or have access to your biometric data (such as facial geometry or fingerprint patterns) at any time. We store only a local flag on your device indicating that you have enabled biometric authentication. No biometric identifiers or biometric information, as defined under the Illinois Biometric Information Privacy Act or similar state laws, are collected or processed by ClariMe.

3. How We Use Your Information

We use your information for the following purposes:

We do not sell your personal information or health data. We do not use your health information for advertising, marketing to third parties, or any purpose unrelated to providing and improving the Service.

3.1 Legal Basis for Processing

We process your information based on the following legal grounds, as applicable:

3.2 De-Identified and Aggregated Data

We may create de-identified or aggregated data from information collected through the Service. De-identification is performed using methods designed to ensure the data cannot reasonably be used to identify any individual. We will maintain de-identified data in de-identified form and will not attempt to re-identify it, except as permitted by law (for example, to validate the effectiveness of our de-identification process). De-identified and aggregated data may be used for research, analytics, service improvement, and other lawful purposes, and is not subject to the individual-specific restrictions of this Privacy Policy.

4. How We Share Your Information

4.1 At Your Direction

4.2 Service Providers

We work with trusted service providers who process data on our behalf. All service providers who handle health information are required to execute BAAs or equivalent data protection agreements before receiving access to such data. Our service providers fall into the following categories:

Our current primary infrastructure provider is Amazon Web Services (AWS), which provides cloud hosting, encrypted data storage, medical transcription (AWS Transcribe Medical), AI processing (AWS Bedrock), user authentication (AWS Cognito), and SMS delivery (AWS SNS). All AWS services operate under a single AWS BAA.

We may engage additional service providers from time to time. Any provider handling health information will be required to enter into a BAA or equivalent agreement before receiving access to such data. We do not share your data with any service providers who have not executed appropriate data protection agreements.

4.3 Data Processing Locations

Your information may be stored and processed in the United States. If we engage service providers who process data in other jurisdictions, we will ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.

4.4 Legal Requirements

We may disclose your information if required to do so by law, court order, subpoena, or government regulation, or if we believe in good faith that disclosure is reasonably necessary to: (a) comply with a legal obligation; (b) protect the rights, property, or safety of ClariMe, our users, or the public; (c) detect, prevent, or address fraud, security issues, or technical problems; or (d) enforce our Terms of Service.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via SMS or in-app notice before your information becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive technical, administrative, and physical safeguards designed to be consistent with many HIPAA Security Rule concepts:

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with Section 6 below.

6. Data Breach Notification

6.1 Definition

For purposes of this Privacy Policy, a "security incident" means a confirmed unauthorized acquisition of, or access to, unencrypted personal information or protected health information that compromises the security, confidentiality, or integrity of such information.

6.2 Notification

In the event of a security incident involving your information, we will notify affected individuals without unreasonable delay and in no event later than sixty (60) days following discovery of the incident, or sooner where required by applicable state or federal law. Notification will be provided via SMS to your registered phone number and, where available, via email or in-app notification. We will also notify relevant regulatory authorities as required by applicable federal and state breach notification laws, including the Louisiana Database Security Breach Notification Law (La. R.S. 51:3071 et seq.).

If you believe your ClariMe account or data has been compromised, please contact us immediately at security@clarime.health or support@clarime.health.

7. Data Retention

Please note that deletion from active systems may not immediately remove residual copies from encrypted backups, which are securely maintained and overwritten on a rolling basis. We may also retain certain information as required by applicable law, regulation, or legal hold obligations. All retained data continues to be protected by the security measures described in this Privacy Policy.

8. Your Rights

You have the following rights regarding your information:

To exercise any of these rights, contact us at privacy@clarime.health or support@clarime.health. We will acknowledge receipt of your request within ten (10) business days and fulfill it within thirty (30) days.

8.1 Appeals

If we decline a request to exercise any of your rights, we will provide a written explanation of the basis for the denial. You may appeal our decision by contacting privacy@clarime.health with the subject line "Privacy Rights Appeal." We will respond to appeals within thirty (30) days. If your appeal is denied and you are a resident of a state with an applicable privacy law that provides for further appeal, we will provide you with information on how to contact the appropriate state authority.

9. SMS Communications

By providing your phone number and using the Service, you consent to receive SMS messages from ClariMe, including:

We will not send marketing or promotional SMS messages. Message frequency varies based on your use of the Service. Message and data rates may apply depending on your mobile carrier plan.

Opt-Out: You may reply STOP to any non-essential SMS message to opt out of non-essential communications. Reply HELP for assistance. Please note that authentication and security messages are required for the Service to function; opting out of these messages will prevent you from using ClariMe. To fully stop all messages, you must delete your account by contacting support@clarime.health.

SMS Opt-In Data: Your SMS opt-in data and consent will not be shared with or sold to any third parties or affiliates for their marketing purposes. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

SMS Security: You acknowledge that SMS is not a fully secure method of communication and that messages may be intercepted or accessed by unauthorized third parties. ClariMe is not responsible for unauthorized access to information resulting from SMS transmission that you have directed, including Care Group sharing via SMS. If you have concerns about SMS security, you may choose to share visit summaries only through the ClariMe app.

10. Our Commitment to Health Data Protection

Although ClariMe Health LLC is not a covered entity under HIPAA, we voluntarily adopt the following practices because we believe they represent the appropriate standard of care for health information:

Important: ClariMe is a tool for patients to manage their own health information. When you choose to share your visit summaries with Care Group members, you are directing the disclosure of your own health information. ClariMe facilitates this sharing at your direction but does not independently decide to share your information with third parties.

11. Children's Privacy

ClariMe is not directed to and is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. In compliance with the Children's Online Privacy Protection Act ("COPPA") and similar state laws, if we learn that we have inadvertently collected personal information from a child under 13, we will delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately at privacy@clarime.health.

12. Online Tracking and Cookies

The ClariMe mobile application does not use cookies. If you access ClariMe through a web browser, we may use limited, essential cookies or similar technologies for authentication and session management. We do not use tracking cookies, advertising cookies, or cross-site tracking technologies.

ClariMe does not currently respond to "Do Not Track" browser signals. Because we do not engage in cross-site tracking or targeted advertising, this setting does not materially affect how we handle your data.

13. State-Specific Disclosures

Louisiana: ClariMe Health LLC is organized under the laws of Louisiana. We comply with the Louisiana Database Security Breach Notification Law (La. R.S. 51:3071 et seq.) and all applicable state data protection requirements.

California: If you are a California resident, you may have additional rights under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"), including the right to know what personal information we collect, the right to delete your information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise your California privacy rights, contact us at privacy@clarime.health. We will not discriminate against you for exercising your rights.

Illinois, Texas, and Washington: If you reside in a state with biometric privacy laws, please note that ClariMe does not collect, store, or process biometric identifiers or biometric information. Biometric authentication is handled entirely by your device's operating system. See Section 2.4 for details.

Other U.S. States: Additional state privacy laws (such as the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and similar legislation) may provide you with additional rights regarding your personal information. We are committed to honoring the spirit of these laws. If you believe you have rights under your state's privacy law that are not addressed above, please contact us at privacy@clarime.health and we will work to accommodate your request.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by: (a) posting the updated policy within the app; (b) updating the effective date; and (c) sending an SMS notification to your registered phone number for significant changes that affect how we collect, use, or share your health information. Where you have provided an email address, we will also send notification via email.

Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

15. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

ClariMe Health LLC

Privacy inquiries: privacy@clarime.health

General support: support@clarime.health

Security incidents: security@clarime.health

Legal notices: legal@clarime.health