Privacy

Privacy, in plain language.

applaud was built inside healthcare, where privacy isn't a setting — it's the foundation. This page is a plain-English summary. The full legal Privacy Policy is available on request and is incorporated into every Customer Agreement and BAA.

Who this applies to

This Privacy summary applies to:

  • Customers — the practices, clinics, and groups that use applaud to generate reviews.
  • Patients — the people our Customers care for, whose visit and contact information we process on the Customer's behalf.
  • Visitors — anyone who browses applaud.you.

When we act for a Customer, we are a HIPAA Business Associate. A signed BAA governs that relationship.

What we collect

From Customers: account credentials, billing details, the EHR or practice-management identifier used to sync visits.

From Patients, via the Customer's EHR: only the minimum necessary to make outreach work — name, phone, email, visit date, and provider. We do not pull diagnoses, notes, prescriptions, or any clinical data. Ever.

From Visitors: standard web analytics (page, referrer, country-level IP), cookie preferences. No tracking pixels from ad networks.

How we use it

  • To run review outreach on the Customer's behalf via SMS, email, and human callers from our network.
  • To produce the funnel reports, alerts, and recurring calls the Customer has chosen.
  • To meet our compliance obligations (audit logs, opt-out lists, consent records).
  • To improve our outreach AI and scripts. Patient-level data is never used to train models without explicit Customer authorization, and never sold to third parties — full stop.

Who sees the data

The data lives inside our environment and the subprocessors required to run the service (hosting, telephony, email delivery). Each subprocessor is bound by a HIPAA-compliant BAA where applicable. A current subprocessor list is available on request.

We do not sell patient data. We do not share it for advertising. We do not provide it to third parties except under court order, where we will give the Customer notice unless legally prohibited.

Patient and customer rights

Patients can request deletion or correction of their information at any time by emailing privacy@applaud.you. We respond within 30 days. SMS opt-outs are honored instantly across channels.

Customers can export their data, terminate the service, and request deletion of all associated records under their Customer Agreement.

Security

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Access on a least-privilege basis. No production engineer has standing access to patient data.
  • Audit logs for every read and write, retained for the contractual term plus seven years.
  • SOC 2 Type II in motion. HIPAA-aligned operational controls in place since launch.

Retention

Patient outreach records are kept for the duration of the Customer Agreement plus the period required by HIPAA and applicable state law (typically six to seven years), then deleted from primary systems and backup tiers on a documented schedule.

Changes to this summary

If we make material changes, we'll email Customers and update the “effective” date at the top of this page. The full legal Privacy Policy supersedes this summary in any conflict.