Privacy Policy

Clara Health, Inc. ("Clara," "we," "us") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our platform, website, and services.

Clara Health is designed to operate in a HIPAA-compliant manner. We maintain administrative, physical, and technical safeguards to protect PHI. All data is encrypted in transit and at rest using AES-256 encryption, and we execute BAAs with healthcare provider clients.

We collect practice information such as practice name, provider names, locations, contact details, and account credentials provided during registration.

We also process patient health information, including patient names, phone numbers, procedure details, recovery data, triage responses, and submitted photos, when your practice uses Clara for patient aftercare.

We collect anonymized platform usage data, feature usage analytics, and performance metrics to improve the product, and that data is not linked back to individual patients.

We use collected information to deliver and operate the Clara aftercare monitoring platform, send check-ins and reminders to patients on behalf of your practice, generate recovery analytics, and trigger escalation alerts when patient responses indicate concern.

We will never sell, rent, or share patient health information with third parties for marketing purposes. Any use of PHI is limited to the purposes described in the BAA.

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Our infrastructure is hosted on SOC 2 Type II certified cloud providers. We conduct regular testing, maintain audit logs, and enforce role-based access controls.

Patient recovery data is retained for the duration specified by the healthcare provider, with a default retention period of 7 years to align with medical record requirements. Providers may request deletion at any time, subject to applicable legal retention obligations.

You have the right to access, correct, or request deletion of your personal information. Healthcare providers can manage patient data through the Clara dashboard. Patients may exercise their rights under HIPAA by contacting their healthcare provider directly.

California residents may also have rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. Clara Health does not sell personal information.

For privacy-related questions or concerns, contact our Privacy Officer at [email protected] or write to Clara Health, Inc., 228 Hamilton Ave, 3rd Floor, Palo Alto, CA 94301. We respond to privacy inquiries within 30 days.