Privacy Policy

1. What We Store

The only data ClearPass stores on its servers is what is required to operate your account:

• Your name and email address — for account management, login, and service notifications.
• Your subscription status — plan type, expiry date, daily usage count (number of notes generated, no content).
• Aggregate, anonymous traffic data — hashed, non-identifying counts of how many people visit the landing page, with all identifiers anonymised within 7 days.

2. What We Never Store

• The clinical note text you enter — processed in real time and discarded
• The generated EMR notes and justification letters — stored on YOUR device only, never on our servers
• Patient names, Emirates ID, MRN, date of birth, contact details — must not be entered, and any pattern detected is auto-redacted before transmission
• Browser fingerprints, IP addresses tied to your usage, or any tracking cookies

3. Note History — Local Only

The note history shown in the app is stored exclusively in your browser's localStorage on the device you're using. Clearing your browser data deletes it permanently. There is no server-side copy — if you change devices or browsers, your previous notes are not retrieved.

4. Payment Processing

All payments are processed by Paddle as our merchant of record. Paddle collects and processes the payment card and billing details directly. ClearPass never sees, stores, or has access to your payment card numbers, CVV, or full billing address. Paddle's privacy policy applies to the data they collect: paddle.com/legal/privacy.

5. Third Parties

ClearPass uses the following third-party services strictly to operate the platform:

• Anthropic (USA): AI processing infrastructure. Clinical note text is transmitted in real time to Anthropic's API for note generation. Not stored after processing.
• Paddle (UK / EU): Payment processing and billing. Receives payment card and billing details directly.
• Railway (USA): Application hosting infrastructure.
• Resend (USA): Transactional email delivery (subscription confirmations, password emails).

We do not use third-party advertising trackers, analytics platforms (Google Analytics, Facebook Pixel, etc.), or data brokers. We do not sell, rent, or share your personal data with any third party for marketing.

6. Compliance

ClearPass operates in alignment with the principles of the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection. Our zero-server-storage approach for clinical content is designed to minimise data risk by design.

The treating physician remains responsible for ensuring no patient-identifiable information is entered into the platform. The platform's auto-redaction is a safety net, not a substitute for proper de-identification.

7. Your Rights

• Access: request a copy of the account data we hold (name, email, subscription status).
• Deletion: request full account deletion at any time via email. We will action deletion within 30 days.
• Correction: update your name or email through your account settings or by emailing us.
• Portability: we can export your account data in machine-readable format on request.

8. Data Retention

Account data (name, email, subscription) is retained while your account is active. After cancellation, data is retained for 90 days for billing reconciliation, then permanently deleted. Anonymous traffic counts older than 90 days are auto-purged from server logs.

9. Children

ClearPass is intended for licensed healthcare professionals only. It is not directed at, and we do not knowingly collect data from, individuals under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

Questions, deletion requests, or data subject access requests: support@clearpass.health