Effective date: May 19, 2026 · Last updated: May 19, 2026
Cliny ("we," "our," or "us") operates as a HIPAA-covered business associate for its clinic customers. This Privacy Policy describes how we collect, use, and protect information when you use our practice management platform at cliny.ai (the "Service").
When you create a Cliny account we collect your name, work email address, and the name of your clinic. If you sign in via Google OAuth, we receive your name and email from Google.
Cliny is a platform used by healthcare clinics. When clinic staff use our Service, they may enter patient information that constitutes Protected Health Information under HIPAA, including patient names, dates of service, clinical notes, diagnoses, and treatment records. Cliny processes this data strictly as a Business Associate on behalf of the covered entity (the clinic). We do not use PHI for our own purposes.
We automatically collect information about how you use the Service: pages visited, features used, timestamps, IP addresses, browser type, and device information. This data is used to improve the platform and diagnose technical issues.
Subscription payments are processed by Stripe, Inc. We do not store your credit card number or bank account details. We receive and store billing metadata (plan type, subscription status, last-four card digits) from Stripe.
We use the following sub-processors to deliver the Service. Each is bound by data processing agreements consistent with applicable law:
Cliny acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We:
To request a BAA, email support@cliny.ai.
We retain account data for the duration of your subscription plus 90 days after cancellation, during which you may export your data. PHI is retained in accordance with your clinic's legal obligations and applicable state law — we do not delete PHI without clinic instruction. Audit logs are retained for a minimum of 6 years consistent with HIPAA requirements.
Depending on your jurisdiction, you may have the right to:
To exercise these rights, email support@cliny.ai.
We use only essential cookies required for authentication (Supabase session tokens) and security. We do not use advertising or third-party tracking cookies. You can disable cookies in your browser settings, but doing so will prevent you from signing in.
The Service is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.
We will notify you of material changes to this Privacy Policy via email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
For privacy-related questions or to exercise your rights: