Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your information.

Last Updated: January 26, 2026 · HIPAA Compliant

Privacy at a Glance

We collect only essential information to provide healthcare services. Your data is encrypted, never sold to third parties, and you can request deletion at any time. We comply with HIPAA, CCPA, and other applicable privacy regulations.

1. Information We Collect

We collect information you provide directly and information collected automatically when you use our services.

Information You Provide

  • Account Information: Name, email address, phone number, and password when you create an account.
  • Health Information: Medical history, symptoms, treatment records, and other health-related data necessary for providing podiatry and physiotherapy services.
  • Payment Information: Credit card details, billing address, and transaction history processed securely through Stripe.
  • Appointment Information: Scheduling preferences, practitioner selections, and appointment notes.
  • Communications: Messages you send through our contact forms, emails, or during appointments.

Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers.
  • Usage Data: Pages visited, features used, time spent on pages.
  • Location Data: General geographic location based on IP address.

2. How We Use Your Information

We use your information for the following purposes:

  • Healthcare Services: To provide, personalize, and improve our podiatry and physiotherapy services.
  • Appointment Management: To schedule, confirm, and remind you of appointments.
  • Communication: To send important updates, respond to inquiries, and provide patient recall reminders.
  • Payment Processing: To process payments and prevent fraud.
  • Service Improvement: To analyze usage patterns and improve our website and services.
  • Legal Compliance: To comply with healthcare regulations and legal obligations, and to protect our rights.

3. Information Sharing

We never sell your personal information.

We may share your information with:

  • Healthcare Providers: Our practitioners and staff involved in your care.
  • Service Providers: Trusted third parties who help us operate our services (payment processors, email services, hosting providers) under strict confidentiality agreements.
  • Legal Requirements: When required by law, court order, or to protect safety.
  • With Your Consent: For any other purposes with your explicit permission.

Our Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • Neon: Database hosting (SOC 2 Type II certified)
  • Vercel: Website hosting and delivery
  • Resend: Email communications
  • Upstash: Rate limiting and caching

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access Controls: Role-based access with multi-factor authentication for staff.
  • Regular Audits: Security assessments and vulnerability testing.
  • Secure Infrastructure: Hosted on SOC 2 Type II certified infrastructure.
  • Password Protection: Passwords are hashed using bcrypt with salt rounds.

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

5. Your Privacy Rights

Depending on your location, you may have the following rights:

For All Users

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate information.
  • Deletion: Request deletion of your data (subject to legal retention requirements).
  • Opt-out: Unsubscribe from marketing communications.

California Residents (CCPA)

  • Right to know what personal information is collected.
  • Right to delete personal information.
  • Right to opt out of the sale of personal information (we do not sell your data).
  • Right to non-discrimination for exercising privacy rights.

HIPAA Rights

  • Right to access your medical records.
  • Right to request amendments to your health information.
  • Right to an accounting of disclosures.
  • Right to request restrictions on certain uses and disclosures.

To exercise these rights, contact us at privacy@solemed.clinic

6. Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for website functionality (authentication, security).
  • Analytics Cookies: Help us understand how visitors use our website (Vercel Analytics).
  • Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

7. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. For patients under 18, a parent or guardian must provide consent and manage the account.

If you believe we have collected information from a child under 13, please contact us immediately.

8. Contact Us

For privacy-related questions or to exercise your rights, contact our Privacy Officer:

SoleMed Clinic

254 Chapman Rd Ste 208
Newark, DE 19702, USA

This privacy policy is effective as of January 26, 2026. We may update this policy from time to time. Material changes will be communicated via email or website notice.
