Why We Collect Personal Information

We collect personal information in order to provide our Services to our Patients for our own business purposes (such as managing your appointments and your payments), to learn about use of our Services (for improvement, accessibility and relevant content), and to provide you with information about our Services, including features and promotions. We collect only the minimum amount of personal information needed for these purposes. We do not sell or trade personal information, and we will only share your personal information with third parties in the ways that are described in this Privacy Notice.

Information We Collect from You

Contact Information. We collect your contact information, such as your name, email address, when you fill out our online forms or set up your user account for our Services. We use your contact information to give you access to the Services, and to send you notices about your upcoming appointments. We may also use your contact information for promotional emails and direct mail. You can opt-out of our marketing communications at any time by unsubscribing or contacting us at hello@acuboston.com.

Billing Information. When our Patient provides credit card information to process payments, the credit card information is provided directly to our PCI-compliant payment processor.

Log and Device Information. When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used. This information is not used to market or send promotions at an individual user level.

Cookies and Tracking Information. Our website uses cookies. Cookies are small data files that are downloaded to your computer or device by a website. Your web browser lets you manage cookies through its “settings” or “options” menus. You can change your browser settings to display a warning before accepting a cookie or to refuse all cookies other than essential cookies required for the functioning of the Services. You can also delete cookies at any time; however, please note that certain cookies must remain in order to use certain portions of the Services. We also use web beacons, which are tiny graphic objects embedded in a web page or an email which allows us to determine if a user has viewed the web page or email.

For more information about cookies, see our Cookie Policy.

Social Media. If you access our Services using a third-party sign-in service, such as Google, Facebook Connect, etc., we will receive personal information from those services, such as your name and email address in order to pre-populate our online forms. We also include social media “Like” and “Share” buttons on our websites. These features may collect your IP address and the page you are visiting on our website. They may also set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the third parties who provide them.

Google Calendar. If you choose to connect your Google Calendar with our Services, we will collect your calendar information from Google for the purposes of displaying “external events” on your schedule within the Services and to send push notifications. We only collect Google Calendar metadata, which includes a list of your calendars, the start time, end time and duration of calendar events, and a unique event identifier from Google. We do not collect event titles, descriptions, attendees or other personal information. If you disconnect your Google Calendar from the Services, we will delete the Google credentials, metadata, and all associated “external events” from our Services. Please note that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or Machine Learning models.

Patient Data

Patient Data. We use our clinic management platform to collect personal information from their patients and create patient records. These records may include a patient’s name, address, health insurance and billing information, medical charts, appointment history and other patient data (“Patient Data”). This information is sometimes referred to as “personal health information”, “protected health information”, “data concerning health” or “sensitive data”.

If you are a Patient, Patient Data is collected from you when you visit our clinic or practitioner and when you create a profile or book appointments with our clinic through our online booking Service.

Our Role. Clinic retains sole control over Patient Data and may be referred to as a “health information custodian”.

We are responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.

We use only HIPAA-compliant service provider (Jane Software, Inc.) to store Patient Data in their secure data centers and make it available to us and our Patients through our clinic management platform. Jane Software, Inc, will only access Patient Data on our instructions or, in rare cases, where needed in order to prevent or address technical problems, or if required by law or court order.

Storage Location. Patient Data is stored in the regional data center in the United States.

Patient Rights. Patients have certain rights with respect to their Patient Data, which may include knowing what information our clinic has about you, correcting any inaccurate Patient Data, obtaining a record of your Patient Data and, in certain circumstances, deleting or removing your Patient Data. Please note that we have strict legal and regulatory obligations around Patient Data and may not always be permitted to delete or remove Patient Data.

Questions about Patient Data. If you have any questions about your Patient Data or wish to exercise any of your patient rights, please contact your Subscriber clinic or practitioner.

Sharing Your Information

We do not sell or distribute personal information to third parties for their own commercial or marketing purposes. We will only share personal information we collect in the following circumstances:

• Customer support services to help us collect feedback and manage our support services
• Communication services to send out email and SMS notices or reminders
• Payment processors

Compliance with Laws. We may disclose personal information to governmental or judicial authorities (to respond to a request, subpoenas, registrations, or legal processes) or other third parties (as required by law, to comply with our legal and regulatory obligations, or to protect and secure our interests, rights, and our assets), to enforce security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information. . We may also be required to disclose personal information to enforce our legal rights, to enforce security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information. In such instances, we carefully review a request to make sure it complies with applicable law; if we consider the request to be too broad, we may try to narrow it to minimize the scope of the request, and, if permissible, we will make every reasonable effort to give you as much notice and detail as we can regarding the disclosure of your personal information, what information was disclosed and why. We will not disclose Patient Data unless legally required to do so.

Security

Our HIPAA-complied provider (Jane Software, Inc.) takes reasonable measures, including firewall barriers, SSL/TLS encryption techniques, and authentication procedures, to help protect personal information from accidental loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. In addition, Jane Software, Inc limits access to Patient Data to those employees, agents, contractors and other third parties who have a business need to know. Patient Data stored on our provider’s platform is protected by:

• Using industry standard security controls such as encryption and an SSL (Secured Sockets Layers) certificate to ensure information is transmitted over a secured connection between your browser and our web server.
• Using state-of-the-art data centres with appropriate security and compliance certifications, such as ISO-27001, SOC 2, etc.
• Having our personnel sign strict confidentiality agreements in addition to completing periodic training to ensure they understand the confidential nature of the data we process, and only accessing your account when you request assistance from us.
• Requiring password protection of clinic’s user account with a password set by you.

Our clinic aids data protection by setting a strong password and by keeping our username and password confidential, along with utilizing additional security features.

Storage Period

We retain personal information only for as long as necessary to achieve our stated purposes, or as required by applicable law.

If you are a patient at our clinic, please contact us for information regarding the storage period for your Patient Data.

Your Rights

Individuals have certain rights with respect to their personal information. These rights are set out below. If you are a patient of our clinic, please contact us to exercise any of these rights with respect to your Patient Data..

Correction and Deletion. We will make reasonable efforts to ensure that the personal information we collect from you is accurate and complete. You may update, correct or delete your account information at any time by contacting us. Per your request, we will modifying your personal information, including your preferences to receive messages from us.

Withdrawing Consent. Where we have relied on your consent to use your personal information, you have the right to withdraw that consent at any time by contacting us as noted below, which we will give effect to promptly. In addition, all our marketing email messages contain the ability to automatically “opt-out” or unsubscribe from our mailing lists and marketing messages.

Access and Portability. You have the right to request a record of the personal information that we have collected about you and to ask that the information be provided in a structured, used electronic format (where applicable and technically feasible). There may be some cases where we cannot provide you with certain information about you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems. If you require access to your personal information, please contact us. We will respond to you within thirty (30) days of receiving your request. We may charge a fee where permitted by applicable law.

Contact Us

If you have any questions or concerns about our Privacy Notice and our privacy practices, please contact us at: