What we collect, why we collect it, and how we keep patient information protected as a HIPAA Business Associate.
Notifirm provides appointment reminders, two-way patient messaging, waitlist auto-fill, and billing tools for dental and health practices. This policy explains what information we collect, how we use it, and the choices you have. It covers our website and the Notifirm application.
Plain version: we collect what we need to run the service for your practice, we never sell your data, and we treat patient information as protected health information from the first message to the last.
We wear two hats. For account and billing data about the practices that buy Notifirm, we act as the business that decides how that data is used. For patient information that a practice loads into Notifirm, we act only as a service provider, handling it on the practice's instructions.
Under HIPAA, that second role makes Notifirm a Business Associate. We handle protected health information on behalf of the practice, which is the Covered Entity. See our HIPAA and BAA page for the details.
We collect a few clear categories of information:
We use information to:
We do not sell personal information, and we do not use patient information for advertising. We only use patient information to provide the service to your practice.
Protected health information is encrypted in transit and at rest. Access to patient data flows through our authenticated application servers, and direct client access to that data is denied by default. We limit who on our team can reach production data, keep audit trails, and review access regularly.
No system is perfectly secure, but security is a first-class part of how Notifirm is built, not an afterthought. Our safeguards are described in more detail on the HIPAA page.
We keep account and patient information for as long as your practice has an active account, and for a reasonable period afterward to meet legal, billing, and audit obligations. When you close your account, you can ask us to export or delete your data, and we will do so unless we are required to retain it by law or by our agreement with you.
Depending on where you live, you may have the right to access, correct, export, or delete personal information we hold about you. Practices can manage most account data directly in the app.
For patient information, requests from patients are handled through the practice, since the practice controls that data. If a patient contacts us directly, we will route the request to the right practice. To make a request about your own account, email privacy@notifirm.com.
Notifirm is a tool for practices and their staff, and is not directed to children. A practice may add a minor patient's appointment information, which we handle as protected health information on the practice's behalf and never for any other purpose.
We may update this policy as Notifirm grows or as the law changes. When we make a meaningful change, we will update the date above and, where appropriate, let you know in the app or by email. Continuing to use Notifirm after an update means you accept the revised policy.
Questions about privacy can go to privacy@notifirm.com. For anything else, visit our contact page.
Reach our team at privacy@notifirm.com and we will get back to you within two business days.