Privacy Policy for ChiroFlow

Last Updated: March 31, 2026

Introduction

ChiroFlow ("we," "our," or "us") provides a practice management and communication platform designed for chiropractic professionals. Our platform includes web and mobile applications that facilitate appointment scheduling, patient communication, AI-powered phone assistance, and practice analytics. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number, and practice/business information when you create an account
  • Practice Information: Business name, address, business hours, and practice details
  • Communication Data: Messages sent and received through the platform, including SMS, in-app messages, and voice messages
  • Appointment Data: Booking information, scheduling preferences, and calendar data
  • Contact/Lead Information: Patient and lead contact details that you input or that are received through integrations

Information Collected Automatically

  • Usage Data: Information about how you use our platform, including features accessed and actions taken
  • Device Information: Device type, operating system, browser type, IP address, and mobile device identifiers
  • Push Notification Tokens: Device tokens used to deliver push notifications
  • Log Data: Server logs including access times and error reports

Information from Third-Party Integrations

  • GoHighLevel (GHL): Contact information, calendar availability, and CRM data synced through your GHL integration
  • Twilio/VAPI: Call recordings, transcripts, and call metadata from AI phone assistant interactions
  • Calendar Systems: Appointment and availability data from connected calendar services

How We Use Your Information

We use the collected information to:

  • Provide and maintain our practice management and communication services
  • Facilitate appointment scheduling and calendar management
  • Enable AI-powered phone assistant features for inbound and outbound calls
  • Send push notifications and in-app messages
  • Process and display call logs, transcripts, and voice messages
  • Manage leads and contacts within your workspace
  • Generate practice analytics and performance insights
  • Improve and optimize our platform and AI capabilities
  • Communicate with you about your account and service updates
  • Ensure the security and integrity of our services

AI Phone Assistant and Call Data

Our platform includes an AI-powered phone assistant ("Sarah") that handles calls on behalf of your practice. When this feature is enabled:

  • Calls may be recorded and transcribed for quality and training purposes
  • Call transcripts are stored securely and associated with your workspace
  • AI models may analyze call patterns to improve response quality
  • Voice messages left by callers are stored and accessible through your dashboard

You are responsible for ensuring that callers are informed about call recording in accordance with applicable laws in your jurisdiction. Our AI assistant announces recording when required by your configuration.

Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties.

We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Service Providers: With trusted third-party service providers who help us operate our platform (listed below)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Safety: To protect the rights, property, or safety of our users or the public

Third-Party Services

Our platform uses the following third-party services:

Vercel

Web application hosting and deployment

Privacy Policy: https://vercel.com/legal/privacy-policy

Railway

Backend services hosting and infrastructure

Privacy Policy: https://railway.com/legal/privacy

Twilio

Voice calling, SMS messaging, and phone number provisioning

Privacy Policy: https://www.twilio.com/en-us/legal/privacy

VAPI

AI voice assistant platform for automated phone interactions

Privacy Policy: https://vapi.ai/privacy

GoHighLevel

CRM integration, calendar management, and contact synchronization

Privacy Policy: https://www.gohighlevel.com/privacy-policy

Neon (PostgreSQL)

Database hosting and management

Privacy Policy: https://neon.tech/privacy-policy

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Encryption at Rest: Sensitive data, including integration credentials and API keys, is encrypted using AES-256
  • Access Controls: Role-based access controls restrict data access to authorized users and personnel
  • Secure Authentication: Multi-factor authentication and secure session management
  • Regular Security Reviews: We regularly review and update our security practices

Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active and for up to 90 days after a deletion request
  • Communication Data: Messages and call logs are retained while your account is active
  • Call Recordings/Transcripts: Retained according to your workspace settings
  • Analytics Data: Aggregated, anonymized data may be retained indefinitely

You can request deletion of your account and all associated data at any time. See our Account Deletion page for details.

Your Rights and Choices

You have the following rights regarding your data:

Access and Portability

  • You can access your account information at any time through your dashboard
  • You can request a copy of your data by contacting us

Correction and Deletion

  • You can update your account information in your profile settings
  • You can delete your account from within the app or via our Account Deletion page

Push Notifications

  • You can enable or disable push notifications in your device settings
  • You can manage notification preferences within the app

Integration Data

  • You can disconnect third-party integrations at any time from your workspace settings
  • Disconnecting an integration will stop data syncing from that service

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@chiroflow.com and we will promptly delete such information.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal data we collect and how we use it
  • Right to Delete: You can request deletion of your personal data
  • Right to Opt-Out: You can opt out of the sale of personal data (we do not sell personal data)
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at: privacy@chiroflow.com

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to our processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at: privacy@chiroflow.com

Health Information

ChiroFlow is a practice management and communication tool. While our platform is used by healthcare professionals, ChiroFlow is designed as a scheduling, communication, and practice management system. We are not a covered entity under HIPAA.

Users are responsible for ensuring their use of ChiroFlow complies with applicable healthcare privacy regulations in their jurisdiction. We recommend not transmitting protected health information (PHI) through our messaging features unless you have confirmed compliance with applicable laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending a push notification or email for material changes

Your continued use of our service after changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@chiroflow.com
Support: support@chiroflow.com
Website: https://chiroflow.ai

Complaints

If you believe we have not handled your data properly, you have the right to lodge a complaint with a supervisory authority:


By using ChiroFlow, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.