PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR SERVICES, YOU AGREE TO BE BOUND BY THE TERMS DESCRIBED HEREIN AND ALL TERMS INCORPORATED BY REFERENCE. 1. Introduction and Scope Clinix Agent, operated by Clinix LLC ("Clinix," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your information when you visit our website, use our software platform, or engage with our services (collectively, the "Services"). This Policy applies to personal data we collect as a data controller. Where we process Protected Health Information ("PHI") on behalf of a healthcare provider or covered entity, we act as a Business Associate, and such processing is governed by the applicable Business Associate Agreement ("BAA") and the Health Insurance Portability and Accountability Act ("HIPAA"), rather than solely by this Policy. In the event of a conflict between this Policy and a BAA, the BAA shall control regarding PHI. 2. Information We Collect We collect information to provide our revenue cycle management, documentation, and operational tooling services. The categories of information we collect include: A. Account and Contact Information When you register for an account, request a demo, or contact support, we collect: Identifiers: Name, email address, mailing address, phone number, and organization name. Credentials: Usernames, passwords, and security questions. Professional Data: Job title, medical specialty, NPI number, and practice affiliation. B. Protected Health Information (PHI) and Customer Data In the course of providing our Services, you may upload, transmit, or process data containing PHI or sensitive patient information ("Customer Data"). We process this data strictly in accordance with our agreements with you and applicable law. C. Service and Usage Data We automatically collect information about how you interact with our Services, including: Device Information: IP address, browser type, operating system, device identifiers, and crash data. Usage Metrics: Pages viewed, features used, time spent on the platform, and clickstream data. Log Data: Server logs, timestamps, and referring/exit pages. D. Communications Data We collect the content and metadata of communications you send to us, including email correspondence, chat logs, support tickets, and SMS/text message responses. 3. How We Use Your Information We use the information we collect for the following business and commercial purposes: Service Delivery: To provide, operate, maintain, and improve our platform, including processing claims, denials, and appeals. Authentication: To verify your identity and prevent unauthorized access. Communication: To send transactional messages, security alerts, account updates, and support responses. Legal Compliance: To comply with applicable laws, regulations, court orders, and subpoenas. Security and Fraud Prevention: To monitor and secure our infrastructure, detect security incidents, and protect against malicious activity. Analytics: To analyze trends and usage patterns to improve the user experience (using de-identified or aggregated data where possible). 4. SMS/Text Messaging Privacy Policy Clinix respects your privacy regarding text messaging communications. By opting in to receive SMS messages from us, you acknowledge and agree to the following: A. Consent and Opt-In You may opt in to receive SMS notifications regarding account alerts, claim status, and support via our web forms or service agreements. By providing your phone number, you expressly consent to receive automated text messages from Clinix. B. No Sharing for Marketing Strict Prohibition on Sharing Mobile Data: Notwithstanding any other provision in this Policy, we do not sell, rent, or share your mobile phone number or SMS consent data with third parties or affiliates for their marketing or promotional purposes. Your mobile opt-in data is kept strictly confidential and used only for the service-related communications you requested. C. Opt-Out Rights You may revoke your consent at any time by replying STOP to any message we send. Upon receipt of a STOP command, we will send one confirmation message and then cease further SMS communications to that number, except where required by law. 5. How We Share Information We do not sell your personal information. We may disclose your information only in the following circumstances: Service Providers: We share data with trusted third-party vendors who perform services on our behalf (e.g., cloud hosting, email delivery, customer support tools). These vendors are bound by confidentiality obligations and data processing agreements. Business Associates/Subcontractors: Regarding PHI, we may share data with downstream Business Associates solely for authorized treatment, payment, or healthcare operations purposes in compliance with HIPAA. Legal Requirements: We may disclose information if required to do so by law, or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or act in urgent circumstances to protect personal safety. Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction, subject to the acquiring entity's agreement to respect this Policy. 6. Data Security We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, loss, misuse, or alteration. These measures include encryption of data in transit and at rest, access controls, audit logs, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. 7. HIPAA and Business Associate Agreement If you are a Covered Entity or Business Associate under HIPAA, your use of our Services to process PHI is governed by the BAA executed between you and Clinix. We maintain specific policies and procedures to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules. We will not use or disclose PHI other than as permitted or required by the BAA or as required by law. 8. State Privacy Rights Residents of certain U.S. states (including but not limited to California, Virginia, Colorado, Connecticut, and Utah) may have specific rights regarding their personal data. A. California Residents (CCPA/CPRA) Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to: Request disclosure of the categories and specific pieces of personal information collected. Request deletion of personal information, subject to certain legal exceptions. Opt out of the "sale" or "sharing" of personal information (Clinix does not sell personal information). Correct inaccurate personal information. Not receive discriminatory treatment for exercising these rights. B. Other State Laws Residents of Virginia (VCDPA), Colorado (CPA), and other states with comprehensive privacy laws generally have rights to access, correct, delete, and export their personal data. To exercise these rights, please contact us using the information provided in Section 13. 9. International Data Transfers Clinix is based in the United States, and we process and store information in the United States. If you are located outside the U.S., including in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that we may transfer your data to the U.S., which may not have the same data protection laws as your jurisdiction. By using our Services, you consent to the transfer and processing of your information in the U.S. 10. Data Retention We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Retention periods for Customer Data (including PHI) are determined by our customer agreements and applicable laws. 11. Children's Privacy Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to remove that information. 12. Changes to This Policy We reserve the right to modify this Policy at any time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this Policy and, where appropriate, by providing notice through the Services or via email. Your continued use of the Services after such changes constitutes your acceptance of the new Policy. 13. Contact Us If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your privacy rights, please contact our Privacy Team at: Clinix LLC Attn: Privacy Officer Email: support@clinixagent.com © 2026 Clinix LLC. All rights reserved.
