Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using CaseMix, including:

• Account Information: Name, email address, password, and professional credentials when you create an account.
• Profile Information: Business name, professional bio, profile photos, service offerings, and availability settings.
• Client Information: Names, email addresses, phone numbers, and session notes for clients you manage through the platform.
• Payment Information: When you connect your Stripe account, we facilitate payment processing but do not store full payment card details on our servers.
• Communications: Any messages, feedback, or support requests you send to us.

1.2 Information Collected Automatically

When you access CaseMix, we automatically collect:

• Device Information: Browser type, operating system, device identifiers, and IP address.
• Usage Data: Pages viewed, features used, time spent on the platform, and interaction patterns.
• Log Data: Access times, error logs, and referring URLs.

1.3 Information from Third Parties

We may receive information from:

• Authentication Providers: If you sign in using Google or other OAuth providers, we receive basic profile information.
• Payment Processors: Stripe provides transaction status and account connection information.
• Calendar Integrations: If you connect Google Calendar, we access calendar availability data.

2. How We Use Your Information

We use collected information to:

• Provide Services: Operate the scheduling platform, process bookings, and facilitate payments.
• Improve the Platform: Analyze usage patterns to enhance features and user experience.
• AI-Assisted Features: Power session note summaries, client memory features, and intelligent suggestions using artificial intelligence. Your data may be processed by AI systems to provide these features.
• Communications: Send booking confirmations, reminders, and important service updates.
• Security: Detect and prevent fraud, abuse, and security incidents.
• Legal Compliance: Fulfill legal obligations and respond to lawful requests.

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist in operating our platform, including:

• Firebase/Google Cloud: Infrastructure, authentication, and database services.
• Stripe: Payment processing for booking transactions.
• AI Service Providers: Processing for intelligent features (data is transmitted securely and subject to strict confidentiality requirements).
• Email Services: Transactional email delivery.

3.2 Legal Requirements

We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.4 With Your Consent

We may share information with third parties when you have given explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure authentication mechanisms including multi-factor authentication options.
• Regular security assessments and monitoring.
• Access controls limiting employee access to personal data.
• Secure cloud infrastructure hosted on Google Cloud Platform.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account deletion, we may retain certain information as required by law or for legitimate business purposes, including:

• Transaction records for tax and accounting purposes (typically 7 years).
• Information necessary to resolve disputes or enforce agreements.
• Anonymized or aggregated data for analytics purposes.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Opt-Out: Unsubscribe from marketing communications at any time.
• Restrict Processing: Request limitation of how we use your data in certain circumstances.

To exercise these rights, contact us at privacy@casemix.io.

7. Special Considerations for Healthcare Providers

If you are a healthcare provider subject to HIPAA or similar regulations:

• You are responsible for ensuring your use of CaseMix complies with applicable healthcare privacy laws.
• CaseMix is designed as a scheduling and practice management tool, not an electronic health records (EHR) system.
• Session notes and client information you enter should be managed in accordance with your professional obligations.
• We recommend consulting with a compliance professional regarding your specific regulatory requirements.

For healthcare providers requiring a Business Associate Agreement (BAA), please contact us at compliance@casemix.io.

8. International Data Transfers

CaseMix is operated from the United States. If you access the platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using CaseMix, you consent to such transfers.

For users in the European Economic Area (EEA) or United Kingdom, we rely on Standard Contractual Clauses and other appropriate safeguards for international data transfers.

9. Children's Privacy

CaseMix is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication state.
• Remember your preferences and settings.
• Analyze platform usage and performance.
• Provide security features.

You can manage cookie preferences through your browser settings. Disabling cookies may affect platform functionality.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. Your continued use of CaseMix after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: