Privacy Policy
Privacy built around minimum necessary data.
Last updated: July 9, 2026. Clinic Scout is designed around provider-selection education and consent-first operations. This policy explains what information is collected, how it is used, how payments and analytics are handled, and the data boundaries that protect users and clinics.
Boundary: Clinic Scout is not a medical provider. Public forms and normal support should not receive medical details or PHI.
01Partner information collected
Clinic Scout may collect clinic/business name, contact details, role/title, website, service-area details, partner account details, checkout metadata, support messages, onboarding answers, portal activity, and operational notes needed to fulfill partner services.
02Lead and introduction data
Partner workflows may involve consented, non-medical lead or introduction records. Those records are used for routing, status tracking, billing, reporting, consent proof, and support. Patient medical intake belongs with the clinic, not in public Clinic Scout support or checkout.
03No PHI by default
Clinic Scout does not want PHI in normal support, public forms, checkout, or partner onboarding. Do not send patient lists, symptoms, medication details, labs, diagnoses, insurance IDs, or medical records unless a separate legal/BAA-ready workflow is explicitly approved.
04How information is used
We use partner information to operate the partner portal, process Stripe payments, configure services, support onboarding, route consented introductions, provide reporting, prevent abuse, debug issues, and maintain audit records.
05Analytics and pixels
Analytics and advertising systems should receive generic business/site events only. We do not intentionally send PHI, patient identifiers, medical details, lead content, or routing specifics to ad pixels.
06Payments and processors
Stripe processes payments. Cloudflare, email, analytics, storage, security, and internal operations tools may process limited business/support data as needed to operate the service. We do not sell partner personal information.
07Retention and deletion
Partner billing, consent, routing, support, tax, dispute, and security records may be retained as needed for operations and legal obligations. Contact [email protected] for access, correction, deletion, or privacy review.
08Contact
Privacy questions go to [email protected]. Plain review-safe address: partners@glpclinicscout.com.
Partner data boundary
For partner services, the normal record should be business and operational: clinic name, staff contact, service area, agreed scope, billing metadata, approved scripts, routing status, consent proof, and support history. That is enough to run a Revenue Recovery Desk without turning public forms into medical intake. Clinics should keep patient medical data inside their own compliant systems.
If a partner asks for a workflow that could involve PHI, that workflow is not assumed from checkout. It requires a separate scope, legal/compliance review, and an approved handling path before any such data is accepted.
HIPAA, cookies, retention, rights, and security
Clinic Scout partner workflows are not a blanket PHI-processing agreement. Clinic Scout is not acting as a HIPAA covered entity through public partner checkout, public forms, or normal support. PHI is not accepted unless a separate legal/BAA-ready workflow is explicitly scoped and approved.
The partner site may use cookies or similar tools for security, performance, analytics, attribution, and abuse prevention. Typical processors may include Cloudflare, Stripe, Google Analytics, email/support tooling, storage, and internal operations tools. Billing/tax records may be retained up to seven years; partner support, routing, consent, and dispute records may be retained while needed for operations, proof, legal compliance, fraud prevention, or security.
Partners may request access, correction, deletion, export, restriction, or objection by emailing [email protected]. Data may be processed in the United States or countries where processors operate. We use reasonable safeguards, but no online service is risk-free. The partner service is for business users and is not directed to children under 16.
Controller roles, deletion/export, and subprocessors
Partner clinics are independent controllers for their own patient, staff, CRM, medical, advertising, and clinical records. Clinic Scout controls the partner account, checkout, support, consent-routing, reporting, and operational records it creates for its service. Where a future workflow requires a different processing role or PHI handling, that role must be stated in a separate written agreement before the data is accepted.
Deletion/export requests should identify the clinic, staff user, checkout email, portal context, and records requested. We target acknowledgement within 10 business days and completion within 30 days where practical, subject to billing, tax, consent-proof, fraud-prevention, dispute, legal, and security retention. Typical subprocessors may include Cloudflare, Stripe, Google Analytics, email/support tooling, storage, and internal operations systems.
Partner privacy routing addendum: Staff account access, deletion/export requests, billing records, consent evidence, and portal-support records should be requested separately so Clinic Scout can verify the clinic, user, and record type without exposing patient medical context.