ClariMed

Privacy Policy

Last Updated: October 18, 2025

ClariMed ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical decision support platform.

Data Controller

ClariMed
Mainzer Str. 44
12053 Berlin, Germany

Email: contact@getclarimed.com

Information We Collect

1. Account Information

  • Email address (required for authentication)
  • Display name
  • Medical specialty and subspecialty
  • Years in practice
  • Practice setting and location

2. Usage Data

  • Clinical queries (de-identified)
  • Search history and preferences
  • Feature usage patterns
  • Performance metrics

3. Technical Information

  • IP address (anonymized after 7 days)
  • Browser type and version
  • Device information
  • Session duration

✓ What We DO NOT Collect:

We do not collect patient names, medical record numbers, social security numbers, or any direct patient identifiers. Our platform is designed for physician education and clinical decision support, not patient data storage.

How We Use Your Information

  • Provide Services: Deliver clinical search results, documentation assistance, and platform features
  • Improve Platform: Analyze usage patterns to enhance accuracy and user experience
  • Communication: Send important updates, security alerts, and platform announcements
  • Compliance: Meet legal obligations under GDPR, MDR, and healthcare regulations
  • Security: Detect and prevent fraud, abuse, and unauthorized access

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: You provide explicit consent when creating an account (Art. 6(1)(a) GDPR)
  • Contract Performance: Processing necessary to provide our services (Art. 6(1)(b) GDPR)
  • Legal Obligation: Compliance with healthcare and data protection laws (Art. 6(1)(c) GDPR)
  • Legitimate Interests: Platform security and fraud prevention (Art. 6(1)(f) GDPR)

Data Sharing and Disclosure

We share your information only in limited circumstances:

Service Providers (with BAAs)

  • Supabase: Database and authentication (EU servers)
  • Vercel: Application hosting and CDN
  • OpenAI: Clinical query processing (HIPAA-compliant)

Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

⚠ We Never:

  • Sell your personal data to third parties
  • Share data for marketing purposes
  • Transfer data outside the EU/EEA without safeguards

Your Rights Under GDPR

Right to Access (Art. 15)

Request a copy of all personal data we hold about you

Right to Rectification (Art. 16)

Correct inaccurate or incomplete data

Right to Erasure (Art. 17)

Request complete deletion of your account and data

Right to Data Portability (Art. 20)

Export your data in machine-readable format (JSON)

Right to Object (Art. 21)

Object to processing based on legitimate interests

To exercise any of these rights, email contact@getclarimed.com. We will respond within 30 days.

Data Retention

  • Account Data: Retained while account is active + 90 days after deletion
  • Query History: Anonymized after 12 months, aggregated analytics retained
  • Audit Logs: 7 years (legal requirement for medical device software)
  • Backups: Automatically deleted after 30 days

Data Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Row Level Security (RLS) in database
  • Multi-factor authentication (MFA) available
  • Regular security audits and penetration testing
  • SOC 2 Type II certified infrastructure

International Data Transfers

All data is stored in EU/EEA data centers (Frankfurt, Germany). We do not transfer data outside the EU/EEA without Standard Contractual Clauses (SCCs) or other GDPR-compliant safeguards.

Children's Privacy

ClariMed is intended for licensed medical professionals only. We do not knowingly collect information from individuals under 18 years of age.

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email at least 30 days before taking effect. Continued use after changes indicates acceptance.

Contact Us

For privacy-related questions or to exercise your rights:

Email: contact@getclarimed.com

Mail: ClariMed, Mainzer Str. 44, 12053 Berlin, Germany

DPO (Data Protection Officer): contact@getclarimed.com

Supervisory Authority

You have the right to lodge a complaint with the German data protection authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Website: www.datenschutz-berlin.de
