ClinBox is a case‑centric workspace for long‑term conditions. It helps you centralize medical information, chat with AI using full case context, and generate doctor‑ready Visit Briefs, Timelines and Key Dates. This policy explains what we process, how we protect it, and the choices you have.
- Account information you provide (e.g., email).
- Basic usage analytics for reliability and abuse prevention.
- Case content you add as "Sources" (visit notes, lab results, symptoms, medications). Our MVP is text‑first.
Important: ClinBox is designed for de‑identified medical text. Please do not upload personally identifiable information (e.g., full name, phone number, ID numbers, address, insurance IDs, face photos).
- Provide features such as context‑aware chat, Visit Brief, Timeline and Key Dates.
- Run daily medical‑model benchmarks and auto‑route the best model for your chats.
- Maintain security, reliability and improve product quality.
We use industry‑standard safeguards:
- TLS 1.3 for data in transit
- AES‑256 encryption for data at rest
- bcrypt for password hashing
Security on the internet is never absolute; we will continue to improve our safeguards but cannot guarantee complete elimination of all risks.
ClinBox uses third-party AI models (such as OpenAI, Google, and Anthropic) to process your content and provide features like context-aware chat and Visit Brief generation.
- The content you add as Sources (medical notes, lab results, symptoms)
- Your chat messages and prompts
- Context from your case to generate responses
- We work only with AI providers who have agreed to process data solely for providing services to you
- According to their published policies, these providers do not use customer data submitted via their APIs to train their general models
- Your data is processed only to provide ClinBox services to you
- We require AI providers to maintain appropriate security and confidentiality measures
- You can choose not to use AI-powered features if you prefer
- Deleting your content from ClinBox stops future AI processing of that content
For current information on AI providers we use, contact info@clinbox.org.
DO NOT upload the following types of information:
- Full legal names
- Phone numbers or contact information
- Government ID numbers (Social Security Number, passport, driver's license, etc.)
- Home or work addresses
- Insurance policy numbers or member IDs
- Photographs showing faces or other identifying features
- Financial account numbers
- Any other personally identifiable information (PII) or protected health information (PHI) that could directly identify you
By using ClinBox, you acknowledge that:
- You are responsible for ensuring your uploaded content is de-identified
- ClinBox is not liable for consequences of your decision to upload identifying information
- You assume all risks and compliance obligations if you upload PII/PHI
- We cannot guarantee removal from third-party systems once data has been processed
- Use initials or pseudonyms instead of full names
- Use relative time references ("3 months ago") instead of specific dates
- Remove or redact addresses, phone numbers, and ID numbers
- Do not upload photographs showing identifiable features
If you accidentally uploaded identifying information:
- Delete the content immediately from ClinBox
- Contact info@clinbox.org for assistance
- We will make reasonable efforts to help, but cannot guarantee complete removal from third-party systems that have already processed the data
We strongly recommend reviewing all content before uploading.
We rely on infrastructure and service providers to operate ClinBox:
- Cloud hosting and storage
- Analytics for product improvement
- AI model APIs (OpenAI, Google, Anthropic)
- Payment processing
These processors act under contracts and may use data only as needed to provide services to ClinBox.
We do not:
- Sell your medical data to advertisers, data brokers, or marketers
- Share your data with insurance companies or employers for their purposes
- Use your data for marketing or advertising purposes unrelated to ClinBox
- Provide your data to third parties for their independent use without your consent
We share only necessary data with processors. For example:
- Payment processors receive only billing information, not your medical content
- Analytics tools receive aggregated, de-identified usage statistics
- AI providers process your content only to generate responses for you
- ClinBox is not a HIPAA-covered entity (we are not a healthcare provider, health plan, or healthcare clearinghouse)
- ClinBox is designed as a personal health organization tool for individuals to manage their own information
- You are responsible for ensuring your use of ClinBox complies with any applicable regulations
While not required to be HIPAA-compliant, we follow security practices aligned with HIPAA standards, including:
- Access controls and audit capabilities
- Encryption in transit and at rest
- Secure authentication mechanisms
If you are a healthcare provider subject to HIPAA and wish to use ClinBox for patient data:
- You must obtain a Business Associate Agreement (BAA) from us
- Contact enterprise@clinbox.org to discuss enterprise deployment options
- The standard ClinBox service is not covered by a BAA
Using ClinBox does not automatically make us your "business associate" under HIPAA. You are responsible for determining whether your use complies with applicable laws.
- You can delete your content from within the product. Routine backups may retain data for a limited period before being overwritten.
- Minimal operational logs may be kept for fraud prevention and system reliability.
ClinBox is intended for adults. If you are under the age of majority in your jurisdiction, use ClinBox only with the involvement of a parent or guardian.
We may update this policy. Material changes will be posted here with an updated date.
For privacy questions, data deletion requests, or other inquiries, contact: info@clinbox.org
By using ClinBox, you consent to this privacy policy and agree to its terms.