Privacy Policy
Effective Date: May 8, 2025
CHECK-IN-APP IO LLC ("we," "us," "our") is committed to protecting the privacy of the professionals who use our Service and the patients who interact with it. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
By using the Service, you agree to the practices described in this Privacy Policy.
1. Who We Are
CHECK-IN-APP IO LLC is a technology company headquartered in California. We provide a notification-trigger platform that alerts licensed professionals when their clients arrive for appointments. We are not a healthcare provider, covered entity, or business associate as defined under HIPAA, except where we have separately executed a Business Associate Agreement with a specific client.
2. Zero-Knowledge Data Handling
CHECK-IN-APP IO LLC is designed from the ground up to operate on a zero-knowledge basis with respect to patient information. This means:
We do not collect, process, store, or transmit any patient names, patient phone numbers, dates of birth, diagnoses, treatment information, appointment details, insurance information, or any other individually identifiable health information.
The only information transmitted through the Service is an automated notification to the provider indicating that a client has arrived, along with the time and date of that arrival. No information identifying the arriving individual is included in that notification.
This architecture is intentional and permanent. It is the foundation of our privacy and security posture.
3. Information We Collect
We collect only the minimum information necessary to operate the Service.
Provider Account Information: When you create an account, we collect your name, business name, email address, and phone number. This information is used solely to administer your account and deliver the Service.
Billing Information: When you subscribe to the Service, payment is processed through Stripe, Inc. CHECK-IN-APP IO LLC does not store your credit card number, billing address, or other payment details. All payment data is handled directly by Stripe in accordance with PCI-DSS standards.
Usage Data: We may collect basic technical information such as login timestamps, device type, and IP address for security and service improvement purposes. This data is not linked to patient activity.
4. How We Use Your Information
We use the information we collect to:
Create and manage your provider account.
Deliver the notification Service to you.
Process your subscription payments through Stripe.
Respond to your support requests.
Send you service-related communications, including material updates to these Terms or this Policy.
Maintain the security and integrity of the Service.
We do not use your information for advertising, behavioral profiling, or sale to third parties.
5. SMS Notifications and 10DLC Compliance
The Service delivers SMS notifications to provider phone numbers via Twilio, Inc. in compliance with 10DLC (10-Digit Long Code) carrier regulations.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. SMS notification data, including provider phone numbers, is used solely to deliver arrival alerts as part of the Service. Providers may reply STOP at any time to unsubscribe from SMS notifications.
6. Subprocessors
CHECK-IN-APP IO LLC uses the following third-party subprocessors to deliver the Service. Each subprocessor is contractually bound to protect data in accordance with applicable law.
Amazon Web Services (AWS): Provides cloud infrastructure and encrypted data storage. CHECK-IN-APP IO LLC has executed a Business Associate Agreement (BAA) with AWS. AWS is SOC 2 Type II and HIPAA-eligible certified.
Twilio, Inc.: Provides SMS delivery infrastructure for provider arrival notifications. Twilio is used solely to transmit outbound notification messages to provider phone numbers. No patient data is transmitted through Twilio.
Stripe, Inc.: Provides payment processing for subscription billing. Stripe is PCI-DSS Level 1 certified. CHECK-IN-APP IO LLC does not have access to raw payment card data.
We do not share your information with any subprocessors beyond what is technically necessary to deliver the Service.
7. HIPAA and Business Associate Agreements
Because CHECK-IN-APP IO LLC does not collect, store, or process Protected Health Information (PHI) as part of its standard Service, we do not function as a HIPAA Business Associate in the ordinary course of providing the Service.
However, we recognize that some clients operate in regulated healthcare environments and may require a Business Associate Agreement as a matter of organizational policy or out of an abundance of caution. CHECK-IN-APP IO LLC is willing to execute a BAA with clients upon request. Please contact us at info@checkinapp.io to request a BAA.
8. Data Retention
Provider account information is retained for the duration of your active subscription and for a reasonable period thereafter in accordance with our legal and financial recordkeeping obligations. You may request deletion of your account data at any time by contacting us at info@checkinapp.io.
We do not retain patient or end-user data because we do not collect it.
9. Data Security
We take reasonable administrative, technical, and physical measures to protect your Account Data from unauthorized access, disclosure, or loss. These measures include encrypted data storage through AWS, secure transmission protocols (TLS), and access controls limiting who within our organization can access account information.
No method of transmission over the internet is completely secure. In the event of a security breach affecting your Account Data, we will notify you in accordance with California Civil Code section 1798.29 and applicable law.
10. Your Privacy Rights (California Residents)
As a California business, we comply with the California Consumer Privacy Act (CCPA). If you are a California resident, you have the right to:
Know what personal information we have collected about you and how it is used.
Request deletion of your personal information, subject to certain exceptions.
Opt out of the sale of your personal information. We do not sell personal information.
Be free from discrimination for exercising your privacy rights.
To exercise any of these rights, contact us at info@checkinapp.io. We will respond to verified requests within 45 days.
11. Cookies and Tracking
Our website (checkinapp.io) uses the following technologies: Google Analytics for website traffic analysis (opt out at tools.google.com/dlpage/gaoptout); Cloudflare Turnstile for bot verification and security, which uses behavioral analysis to distinguish human users from automated bots; and Datadog for application performance monitoring and logging. We do not use third-party advertising cookies.
12. Children's Privacy
The Service is intended for use by licensed professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes — including changes to how we collect or use your information — will be communicated to you via email to the address associated with your account. The updated Policy will also be posted on our website with a revised Effective Date. Continued use of the Service after such changes constitutes your acceptance of the revised Policy.
14. Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us at:
CHECK-IN-APP IO LLC