QliniQ

Privacy Policy

Cloud-Based Practice Management for Personal Injury Medical Clinics

Effective Date and Version
Effective Date: April 27, 2026
Last Updated: April 27, 2026
Version: 2.0

Material changes to this Policy will be communicated to account holders by email and in-product notification at least thirty (30) days before they take effect, unless a shorter period is required by law.

QliniQ LLC

420 Technology Parkway NW, Suite 300
Peachtree Corners, Georgia 30092, United States

privacy@qliniq.ai   |   security@qliniq.ai   |   support@qliniq.ai

1. Introduction

QliniQ LLC (“QliniQ,” “Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information entrusted to us. QliniQ provides a cloud-based practice management platform (the “Platform” or “Services”) built exclusively for personal injury medical clinics. The Platform enables our subscribing clinics (“Subscribers”) to manage patient leads, cases, scheduling, treatment records, partner relationships, billing coordination, and the related clinical and administrative workflows that support medical-legal cases. Subscribers may, in turn, make portions of the Services available to their employees, contractors, law firm partners, and other authorized third parties (“End Users”) as permitted by the QliniQ Terms of Service.

This Privacy Policy (“Policy”) explains the personal data we collect from visitors to our website at https://www.qliniq.ai (the “Site”), from individuals who interact with us in connection with our sales, marketing, and support activities, and from authorized End Users who access the Platform on behalf of a Subscriber. It describes how we use that personal data, with whom we share it, the rights and choices you have, and how to contact us about our privacy practices.

This Policy applies to the QliniQ Site, the QliniQ core application, the QliniQ Attorney Portal, and other QliniQ-branded products and services that link to or reference this Policy. It does not apply to websites, products, or services of third parties, which are governed by their own privacy policies.

Please read this Policy carefully. By accessing or using the Site or Services, you acknowledge that you have read and understood this Policy.

1.1 Important Notice for Patients

If You Are a Patient of a QliniQ Subscriber

QliniQ does not provide medical care, schedule your appointments, or make decisions about your treatment. QliniQ is a software service that your healthcare provider uses to operate its practice.

Your medical records and other Protected Health Information (“PHI”) are governed by your healthcare provider’s Notice of Privacy Practices, not by this Policy. Your provider is the “Covered Entity” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); QliniQ is a “Business Associate” that processes PHI on the provider’s behalf under a Business Associate Agreement.

To exercise rights regarding your medical records — including access, amendment, restriction, or accounting of disclosures — please contact your healthcare provider directly. QliniQ will support and facilitate any request received from a Subscriber on your behalf in accordance with HIPAA and the applicable Business Associate Agreement.

1.2 Important Notice for Attorneys, Paralegals, and Law Firm Personnel

If you access the QliniQ Attorney Portal as an authorized representative of a law firm, you do so under the terms of access established by the subscribing clinic and any applicable Business Associate Agreement. PHI you access through the Portal remains the responsibility of you and your firm under HIPAA and any applicable professional rules. Your access is limited to records of clients of your law firm; cross-firm access is technically prohibited and continuously monitored.

2. Definitions

For purposes of this Policy, the following terms have the meanings set forth below.

Term | Definition
Authorized User | An individual whom a Subscriber permits to access and use the Platform on its behalf, such as a clinic owner, administrator, clinical staff member, billing coordinator, or attorney portal user.
Business Associate | An entity that performs functions involving the use or disclosure of PHI on behalf of a HIPAA Covered Entity, as defined at 45 C.F.R. § 160.103. QliniQ acts as a Business Associate to its Subscribers.
Covered Entity | A healthcare provider, health plan, or healthcare clearinghouse that transmits health information electronically in connection with a HIPAA-regulated transaction. QliniQ Subscribers are Covered Entities.
End User | Any individual who interacts with the Site or Services, including Authorized Users, patients whose data appears in the Platform, law firm portal users, and visitors to the Site.
Personal Data | Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. “Personal Data” has the same meaning as “personal information,” “personally identifiable information,” and similar terms used in applicable privacy laws.
Protected Health Information (PHI) | Individually identifiable health information held or transmitted by a Covered Entity or Business Associate, in any form or medium, as defined at 45 C.F.R. § 160.103.
Sensitive Personal Information (SPI) | A subset of Personal Data that receives heightened protection under various state laws, including Social Security numbers, driver’s license numbers, account credentials, precise geolocation, racial or ethnic origin, religious beliefs, contents of communications, genetic data, biometric data, health information, and information about sex life or sexual orientation.
Service Provider / Processor | A third party that processes Personal Data on behalf of QliniQ for a defined business purpose, under a written contract that restricts the third party’s use of the data.
Subscriber | A medical clinic or practice that has executed a QliniQ subscription agreement and uses the Platform to manage its operations.
Subprocessor | A third party engaged by QliniQ to assist in providing the Services, such as cloud hosting, communications, payment processing, or analytics, that may process Personal Data on our behalf.

3. Personal Data We Collect

The categories of Personal Data we collect, the categories of sources, our business purposes for collection, and the categories of third parties with whom we share each category are summarized below. Some categories include Sensitive Personal Information, which is described separately in Section 5.

3.1 Categories of Personal Data Collected

In the twelve (12) months preceding the Effective Date of this Policy, and on an ongoing basis, QliniQ collects the following categories of Personal Data, as those categories are described in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA”).

CCPA Category | Examples | Collected
A. Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, telephone number. | Yes
B. Customer records (Cal. Civ. Code § 1798.80(e)) | Name, signature, address, telephone, education, employment, employment history, bank account number, credit card number, debit card number, medical information, health insurance information. | Yes
C. Protected classification characteristics | Age, race, color, ancestry, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy, childbirth, and related conditions), sexual orientation, veteran or military status, genetic information. | Yes (entered by Subscribers about patients in the course of medical care)
D. Commercial information | Records of products or services purchased, obtained, or considered; subscription tier; transaction history; billing records. | Yes
E. Biometric information | Genetic, physiological, behavioral, and biological characteristics; activity patterns; fingerprints; voiceprints; iris or retina scans; keystroke; gait. | No
F. Internet or other network activity | Browsing history, search history, information regarding interaction with the Site or Services, advertisements, or applications. | Yes
G. Geolocation data | Physical location or movements. QliniQ collects approximate location from IP address. We do not collect precise geolocation (within 1,850 feet) from any device. | Yes (approximate only)
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | Limited (call recordings as described in Section 17, document and image uploads entered by Subscribers)
I. Professional or employment information | Current or past job history, performance evaluations, professional license information. | Yes (limited to Authorized User role information)
J. Education information (FERPA-protected) | Education records directly related to a student maintained by an educational institution. | No
K. Inferences | Profiles reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitudes. | Limited (operational analytics; see Section 9 on automated decision-making)
L. Sensitive Personal Information | See Section 5. | Yes

3.2 How Personal Data Is Provided or Collected

Personal Data You Provide Directly

Account Information. When you register for a QliniQ account or are added as an Authorized User by a Subscriber, we collect your full name, business email address, business telephone number, organization name, role or job title, and authentication credentials.

Profile Information. You may add optional information to your profile within the Platform, including a profile photograph, contact preferences, signature block, and notification settings.

Patient and Case Information. Subscribers and their Authorized Users enter information about patients and cases into the Platform, including patient demographics (name, date of birth, contact information, the last four digits of Social Security number, marital status, preferred language), incident details, attorney and law firm assignments, treatment plans, appointment records, medical records and clinical notes, billing and lien information, and uploaded documents. Most of this information constitutes PHI under HIPAA and is governed by Section 4.

Partner and Referral Information. Subscribers enter information about their law firm partners, medical clinic partners, and other referral relationships, including organization names, addresses, key contact names and contact details, referral history, and notes about the relationship.

Attorney Portal Information. Law firm users invited to access the Attorney Portal provide their name, business email address, role (attorney or paralegal), and authentication credentials. Their account is provisioned only upon invitation by a Subscriber’s administrator.

Inquiry and Marketing Information. When you fill in our online forms to contact our sales team, request a demo, download a resource, or subscribe to communications, we collect your name, contact information, organization name, role, and the contents of your inquiry.

Billing and Payment Information. Subscribers provide a billing contact, billing address, and a payment method. QliniQ does not store full payment card numbers; payment instruments are tokenized and processed by our PCI-DSS compliant payment processor.

Communications. When you communicate with us by email, telephone, text message, in-product chat, support ticket, or video conference, we collect the contents of the communication and metadata about it. See Section 17 for our policy on call recording.

Personal Data Collected Automatically

When you interact with the Site or the unauthenticated portions of our Services, we and certain third-party Service Providers may collect:

  • Device and connection data: IP address, device type, operating system and version, browser type and version, browser language, time zone, screen resolution, mobile network information, device manufacturer and model, and unique device identifiers.
  • Usage data: the pages and features you view; the date, time, and duration of your visits; the URL of the page that referred you; clicks; scrolling behavior; form interactions; and search terms entered on our Site.
  • Approximate location: we infer your city or region from your IP address. We do not collect GPS-precise geolocation from any device.
  • Cookies and similar technologies: see Section 7 for details. QliniQ does not deploy advertising pixels, behavioral tracking, or session-replay tools on any authenticated portion of the Platform or the Attorney Portal.

Personal Data from Other Sources

We may receive Personal Data about you from sources other than you, including:

  • Subscribers: clinics that add you as an Authorized User, invite you as a law firm partner, or include you as a contact, patient, or partner in their account.
  • Service Providers: vendors that support our authentication, hosting, communications, payments, customer support, security monitoring, and analytics functions.
  • Marketing partners and public sources: publicly available information, business directories, professional networks, conference registration lists, and lead-generation partners (for sales and marketing purposes only; never for the Platform itself).
  • Referral and integration partners: parties that integrate with the Platform with your or a Subscriber’s authorization.

4. HIPAA and Protected Health Information

4.1 QliniQ as a Business Associate

QliniQ processes PHI on behalf of its Subscribers in connection with the Services. With respect to PHI, QliniQ acts as a Business Associate of its Subscribers under HIPAA, the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and their implementing regulations (collectively, the “HIPAA Rules”).

The handling of PHI is governed primarily by the Business Associate Agreement (“BAA”) executed between QliniQ and each Subscriber. To the extent there is any conflict between this Policy and an applicable BAA with respect to PHI, the terms of the BAA control.

4.2 HIPAA Safeguards Implemented by QliniQ

QliniQ implements administrative, physical, and technical safeguards designed to comply with the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C), the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E), and the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D). These safeguards include, at a minimum:

  • Encryption: all PHI is encrypted in transit using TLS 1.2 or higher and at rest using AWS Key Management Service (“AWS KMS”) with customer-isolated keys where applicable.
  • Access controls: role-based access control, least-privilege provisioning, multi-factor authentication for Authorized Users with access to PHI, automatic session timeouts, and instant deactivation capability.
  • Authentication: AWS Cognito with mandatory multi-factor authentication for all Attorney Portal users and recommended multi-factor authentication for all clinic Authorized Users.
  • Audit logging: an immutable, append-only audit trail of access to and modification of PHI, retained for a minimum of six (6) years.
  • Network and infrastructure security: AWS HIPAA-eligible services, segmented private networks, web application firewall, intrusion detection, anti-malware controls, and vulnerability management.
  • Application security: input validation, parameterized database queries, output encoding, security headers, content security policies, and routine third-party penetration testing.
  • Workforce safeguards: background checks for personnel with PHI access, mandatory HIPAA and security training upon hire and annually thereafter, written policies and procedures, sanctions for non-compliance, and confidentiality agreements.
  • Physical safeguards: PHI is hosted in AWS data centers that maintain SOC 2, ISO 27001, and HIPAA-eligible physical security controls. QliniQ does not host PHI on physical media in our offices.
  • Business continuity: automated backups, point-in-time recovery, defined recovery time and recovery point objectives, and tested incident response procedures.

4.3 Permitted Uses and Disclosures of PHI

QliniQ uses and discloses PHI only as permitted by the applicable BAA, the HIPAA Rules, and applicable law. Specifically:

  • QliniQ uses PHI to provide, maintain, and support the Services for the benefit of the Subscriber.
  • QliniQ does not use PHI for marketing or advertising of any kind.
  • QliniQ does not sell PHI under any circumstance.
  • QliniQ does not use PHI to train artificial intelligence or machine learning models, except to the extent narrowly required to operate features within the Services and only when permitted by the BAA and applicable law.
  • QliniQ discloses PHI only to Subprocessors that have executed a Business Associate Agreement with QliniQ, or as otherwise permitted under the HIPAA Rules and applicable BAA.

4.4 Patient Rights Regarding PHI

If you are a patient, the rights you have regarding your medical records — including the right to access, request amendment, request restriction, request confidential communications, request an accounting of disclosures, and file a complaint — are administered by your healthcare provider as the Covered Entity, in accordance with HIPAA and the provider’s Notice of Privacy Practices. Please contact your healthcare provider directly to exercise these rights. QliniQ will assist Subscribers in fulfilling such requests as required by the BAA.

5. Sensitive Personal Information

QliniQ collects categories of Sensitive Personal Information (“SPI”) in the course of providing the Services. The categories of SPI we collect, the purposes for which we use them, and your right to limit certain uses are described below.

5.1 Categories of SPI Collected

Category of SPI | Source | Purpose
Social Security Number (last four digits only) | Provided by patient to Subscriber; entered into Platform by Authorized User | Patient identification, lien processing, insurance verification
Account log-in information and credentials | Provided by Authorized User during account creation | Authentication and account security
Health information, medical records, treatment information | Entered by Subscriber Authorized Users in connection with patient care | Operation of the Services on behalf of the Subscriber; subject to HIPAA
Health insurance information | Provided by patient to Subscriber; entered into Platform | Billing and lien coordination; subject to HIPAA
Racial or ethnic origin (where collected) | Entered by Subscriber as part of patient demographics | Operation of the Services on behalf of the Subscriber
Contents of patient communications stored in the Platform | Entered by Subscriber Authorized Users | Care coordination on behalf of the Subscriber
Precise geolocation | Not collected | Not applicable

5.2 Right to Limit the Use and Disclosure of SPI

Under California, Connecticut, Colorado, Texas, and certain other state privacy laws, you may have the right to limit our use and disclosure of your SPI to those uses that are necessary to perform the Services, prevent fraud, ensure security, or maintain the integrity of our products. QliniQ already limits its use of SPI to these purposes. We do not use or disclose SPI for the purpose of inferring characteristics about you, for cross-context behavioral advertising, or for any purpose unrelated to the operation of the Services. Accordingly, the right to limit does not require any change to how we already process SPI. To submit a request to limit, see Section 14.

6. How We Use Personal Data

We use Personal Data only for purposes that are necessary, proportionate, and disclosed to you. The legal bases on which we rely include performance of a contract with you or our Subscriber, our legitimate business interests, your consent where required, and compliance with our legal obligations. Specifically, we use Personal Data to:

  • provide, operate, maintain, support, secure, and improve the Site and Services, including the QliniQ core application and the Attorney Portal;
  • authenticate Authorized Users, manage user accounts, and administer access permissions;
  • enable Subscribers to manage patient leads, cases, scheduling, treatment records, partner relationships, billing, documents, and the related operational workflows;
  • enable authorized law firm Authorized Users to view treatment status, appointment history, compliance metrics, and available medical documents for their own clients only, as authorized by the subscribing clinic;
  • process subscription billing, payments, refunds, and collections;
  • provide customer support and respond to inquiries, questions, and feedback;
  • communicate transactional, service, technical, and administrative messages, including outage notices, security alerts, and policy updates;
  • detect, prevent, investigate, and respond to security incidents, fraud, abuse, or other unauthorized or harmful activity;
  • measure, analyze, and improve the performance, reliability, and usability of the Site and Services;
  • comply with applicable laws, regulations, legal process, court orders, and enforceable governmental requests, and to enforce our agreements; and
  • with your consent, send you marketing communications, invite you to events, and provide product information that we believe may be of interest.

We do not use PHI or SPI for marketing or advertising. We do not sell Personal Data. We do not share Personal Data for cross-context behavioral advertising. See Sections 4 and 7 for related details.

7. Cookies and Online Tracking Technologies

7.1 What Cookies and Similar Technologies We Use

Cookies are small text files placed on your device by websites you visit. We and our Service Providers use cookies, pixels, software development kits, and similar technologies (collectively, “Tracking Technologies”) on our Site and on certain unauthenticated portions of our Services to recognize your device, remember your preferences, and understand how visitors interact with our properties.

Category | Purpose | Consent Required
Strictly Necessary | Required for the operation of the Site and Services, including authentication, security, load balancing, and session management. Without these cookies, the Services cannot function. | No (always active)
Functional | Enable enhanced functionality and personalization, such as remembering language, region, or accessibility preferences. | Yes, where required by law
Analytics / Performance | Help us understand how visitors interact with the Site by collecting aggregated and de-identified usage information. We use these solely on the public Site, never on authenticated Platform pages. | Yes, where required by law
Marketing / Advertising | Used to deliver relevant advertisements about QliniQ on third-party websites and to measure marketing campaign performance. We use these solely on the public Site, never on authenticated Platform pages or any page where PHI may be present. | Yes (opt-in / cookie banner)

7.2 Tracking Technologies and PHI: Compliance with HHS OCR Guidance

No Tracking Technologies on Authenticated PHI Pages

In keeping with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”) guidance on the use of online tracking technologies by HIPAA-regulated entities, QliniQ does not deploy advertising pixels, third-party analytics, behavioral tracking, session-replay tools, or other Tracking Technologies on any authenticated portion of the Platform, the Attorney Portal, or any page or feature where PHI is or may be transmitted.

This includes, without limitation, no use of Meta/Facebook Pixel, Google Analytics, Google Ads conversion tracking, TikTok Pixel, LinkedIn Insight Tag, Twitter/X Pixel, HotJar, FullStory, Microsoft Clarity, or comparable tools on authenticated PHI-containing surfaces.

On the public, unauthenticated Site (https://www.qliniq.ai), we use a limited set of analytics and marketing Tracking Technologies for ordinary website operations, subject to your consent where required by law. No PHI is or could be transmitted on the public Site.

7.3 Managing Your Cookie Preferences

You can manage non-essential cookies through the cookie preference banner displayed on your first visit to the Site and through the “Cookie Preferences” link available in the Site footer at any time. You can also control cookies through your browser settings, including blocking all cookies, deleting cookies, or being notified before cookies are set. Disabling Strictly Necessary cookies will impair core functionality.

QliniQ honors the Global Privacy Control (“GPC”) signal as a valid request to opt out of the sale and sharing of Personal Data, where applicable, in accordance with California, Colorado, Connecticut, and other state privacy laws that recognize universal opt-out mechanisms. When we detect a GPC signal from your browser, we will treat it as an opt-out request for that browser and device.

7.4 Do Not Track Signals

Some browsers transmit “Do Not Track” (“DNT”) signals to websites. Because there is no universally accepted standard for interpreting DNT, our Site does not respond to DNT signals at this time. We do, however, honor GPC signals as described above.

8. How We Disclose Personal Data

QliniQ does not sell Personal Data. QliniQ does not share Personal Data with third parties for cross-context behavioral advertising. We disclose Personal Data only to the categories of recipients described below, and only for the purposes described.

8.1 Disclosures to Subscribers

Personal Data you provide as an Authorized User of a Subscriber is shared with that Subscriber and with other Authorized Users of that Subscriber as authorized by the Subscriber’s administrators. Subscribers control role and permission settings within their account.

8.2 Disclosures to Subprocessors and Service Providers

We disclose Personal Data to Subprocessors and Service Providers that perform functions on our behalf, such as cloud hosting, authentication, document storage, communications delivery, payment processing, customer support tooling, analytics, security monitoring, and auditing services. We require all Subprocessors and Service Providers to:

  • process Personal Data only for the purposes for which it was disclosed and as instructed by us;
  • maintain commercially reasonable administrative, physical, and technical safeguards;
  • comply with applicable privacy and data protection laws;
  • execute a Business Associate Agreement before processing PHI; and
  • promptly notify us of any actual or suspected security incident.

A current list of Subprocessors is maintained at https://www.qliniq.ai/subprocessors and is updated whenever a new Subprocessor is added. Subscribers may subscribe to be notified of new Subprocessors at least thirty (30) days before they begin processing Personal Data.

8.3 Attorney Portal Access

When a Subscriber enables Attorney Portal access for a law firm partner, that firm’s authorized representatives may view the case and treatment records of the firm’s own clients only. Visibility is enforced at the row level by the Subscriber and at the document level by the case-management staff. Cross-firm access is prohibited and continuously logged. All Attorney Portal activity is recorded in an immutable audit trail accessible to the Subscriber.

8.4 Disclosures Required by Law or to Protect Rights

We may disclose Personal Data when we believe in good faith that disclosure is necessary to:

  • comply with applicable law, regulation, legal process (such as a subpoena, court order, or government investigation), or enforceable governmental request;
  • enforce our Terms of Service, Privacy Policy, Business Associate Agreement, or other agreements;
  • investigate, prevent, or take action regarding suspected fraud, security threats, illegal activity, or violations of our policies;
  • protect the rights, property, or safety of QliniQ, our Subscribers, our Authorized Users, or the public;
  • respond to a national-security or law-enforcement matter where disclosure is required by law.

When permitted by law, we will notify the affected Subscriber before responding to legal process directed at PHI or other Subscriber data, so the Subscriber can seek a protective order or take other action. We will challenge requests we believe are overbroad or unlawful.

8.5 Disclosures in Connection with Corporate Transactions

If QliniQ is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of services to another provider, Personal Data may be transferred or disclosed as part of that transaction, subject to standard confidentiality obligations and applicable law. We will require the receiving party to honor the commitments in this Policy or to provide you notice and a meaningful choice before any materially different processing.

8.6 Disclosures with Your Consent

We may disclose Personal Data for any other purpose with your consent or at your direction.

9. Automated Decision-Making and Artificial Intelligence

Several state privacy laws, including those of California, Colorado, Connecticut, Texas, Virginia, Oregon, and Delaware, require disclosure of “profiling” or “automated decision-making” that produces legal or similarly significant effects. The European Union General Data Protection Regulation (“GDPR”), the United Kingdom GDPR, and the EU Artificial Intelligence Act impose comparable obligations. QliniQ’s use of automation and artificial intelligence is described below.

9.1 Automated Decisions That Produce Legal or Similarly Significant Effects

QliniQ does not make decisions about you that produce legal or similarly significant effects (such as denial of medical care, denial of insurance, denial of credit, or denial of employment) using solely automated processing, without human review.

Decisions about patient care, including treatment, scheduling, and clinical judgment, are made by Authorized Users of the Subscriber clinic — not by QliniQ.

9.2 Operational Automation Within the Platform

QliniQ uses non-AI automation to support clinic workflows, including automatic lead-to-case status transitions, automated appointment reminders, automated notifications when a records request status changes, smart suggestion of the nearest clinic location based on a patient’s address, and rule-based task assignment. None of these features involves profiling that produces legal or similarly significant effects.

9.3 Use of Artificial Intelligence and Machine Learning

QliniQ may, now or in the future, offer features that use machine learning or generative artificial intelligence (“AI Features”) to support clinic operations, such as suggested lead prioritization, drafting assistance, summarization of clinical notes, or anomaly detection. The following commitments apply to all AI Features:

  • AI Features are disclosed in the product interface where they appear and are described in our product documentation.
  • AI Features that process PHI run on infrastructure covered by our HIPAA-eligible service stack and applicable BAAs. We do not send PHI to third-party AI services that have not executed a Business Associate Agreement with QliniQ.
  • We do not use Subscriber data, PHI, Authorized User Personal Data, or Attorney Portal data to train foundation models for the benefit of third parties or for any purpose other than the operation and improvement of the Services for that Subscriber, except where permitted under the BAA and applicable law.
  • Outputs of AI Features are advisory only and require human review by Authorized Users. AI outputs do not by themselves create legal or treatment determinations.
  • Subscribers and Authorized Users may opt out of using AI Features through Platform settings or by contacting us.

9.4 Right to Opt Out, Correct, or Receive an Explanation

To the extent any future feature constitutes “profiling in furtherance of a decision that produces a legal or similarly significant effect” under applicable law, you will have the right to opt out of that profiling, correct inaccurate Personal Data used in the profiling, and receive a meaningful explanation of the logic involved. Requests may be submitted as described in Section 14.

10. Data Security

QliniQ implements organizational, technical, and administrative measures designed to protect Personal Data against unauthorized access, destruction, loss, alteration, disclosure, or misuse. Our security program is aligned with the HIPAA Security Rule, the NIST Cybersecurity Framework, and SOC 2 trust service criteria.

Control | Description
Encryption in Transit | TLS 1.2 or higher on all connections to the Site, the Platform, the Attorney Portal, and our APIs. HTTP is redirected to HTTPS at the load balancer.
Encryption at Rest | All databases and document storage are encrypted using AWS KMS. Backups are encrypted using the same standard.
Access Control | Role-based access control. Production access is granted on a least-privilege, time-limited basis. Multi-factor authentication is required for production system access and for all Attorney Portal users; recommended for all clinic Authorized Users.
Authentication | AWS Cognito user pools with strong password policies (minimum 12 characters, complexity required), account lockout after repeated failures, and optional or required multi-factor authentication.
Audit Logging | Immutable, append-only audit logs for access to and modification of PHI; retained for a minimum of six (6) years. Logs are reviewed for anomalous activity.
Network Security | Segmented private virtual networks, web application firewall, distributed denial-of-service protection, intrusion detection, and continuous vulnerability scanning.
Application Security | Input validation, parameterized queries, output encoding, content security policy headers, secrets management via AWS Secrets Manager, and routine third-party penetration testing.
Document Security | Documents are stored in private object storage with no public access. Access is granted only via short-lived presigned URLs (15-minute expiry). Permanent document URLs are not used.
Personnel Security | Background checks, mandatory security and HIPAA training, written policies and procedures, sanctions for non-compliance, and confidentiality agreements.
Vendor Risk Management | Diligence of all Subprocessors, contractual data protection terms, and ongoing monitoring.
Business Continuity | Automated backups, point-in-time recovery, defined recovery time and recovery point objectives, and tested incident response procedures.
Independent Assessment | Annual third-party penetration testing of the Platform, Attorney Portal, and supporting infrastructure. Critical and high findings remediated before next release.

Despite these measures, no system can guarantee absolute security. If you have reason to believe that your interaction with QliniQ is no longer secure, please contact us immediately at security@qliniq.ai.

11. Data Retention

We retain Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal, accounting, or reporting obligations, to resolve disputes, and to enforce our agreements. The retention period for each category of Personal Data is determined by the criteria below.

Category of Personal Data | Typical Retention Period | Criteria Applied
Subscriber account and Authorized User data | Duration of subscription plus 12 months | Contractual obligations; tax and accounting requirements
Patient and case data (PHI) | Duration of the BAA plus the longer of 6 years or the period required by applicable state medical-record retention law | HIPAA Privacy Rule (45 C.F.R. § 164.530(j)) and state law
Audit logs and access logs (PHI) | Minimum of 6 years from the date of creation | HIPAA Security Rule documentation requirements
Billing and payment records | 7 years from the date of the transaction | Tax, accounting, and audit requirements
Marketing and prospect data | Until the individual unsubscribes or 24 months of inactivity, whichever is sooner | Reasonable business need; CAN-SPAM and applicable opt-out laws
Support tickets and inquiry records | 3 years from resolution | Service quality and dispute resolution
Cookies and online identifiers | Per cookie lifetime declared in our Cookie Policy | Functional necessity; consent obtained where required
Backup copies | Up to 90 days following deletion from production systems | Disaster recovery and integrity
Security incident records | 7 years from the date of the incident | Regulatory, audit, and litigation requirements

When the applicable retention period ends, we will delete or de-identify the Personal Data in accordance with our written deletion procedures. De-identified data may be retained indefinitely; we do not attempt to re-identify de-identified data and contractually require the same of any recipient.

12. Data Breach Notification

12.1 Our Commitment

QliniQ maintains a written incident response plan and a 24/7 security monitoring posture. In the event of a security incident affecting Personal Data, we will:

  • We will investigate the nature, scope, and impact of the incident as soon as we become aware of it.
  • Contain and remediate. We will take immediate steps to contain the incident, mitigate its effects, and prevent recurrence.
  • Notify Subscribers (Covered Entities) of breaches affecting PHI. In accordance with the HIPAA Breach Notification Rule and applicable BAAs, we will notify the affected Subscriber without unreasonable delay and in no event later than sixty (60) days after discovery, providing the information required by 45 C.F.R. § 164.410.
  • Notify affected individuals where required. Where QliniQ is the controller of the data and notification to affected individuals is required by HIPAA, state breach-notification laws, or other applicable laws, we will provide notice within the timeframes required by those laws.
  • Notify regulators where required. We will provide notice to the U.S. Department of Health and Human Services, state attorneys general, supervisory authorities under the GDPR, and other regulators where required by law and within the legally mandated timeframes.
  • We will cooperate with affected Subscribers, regulators, and law enforcement as required, and we will support our Subscribers in fulfilling their own breach-notification obligations.

12.2 What “Breach” Means

For purposes of this Section, “breach” means an acquisition, access, use, or disclosure of Personal Data that compromises the security, confidentiality, or integrity of the data, in a manner that triggers a notification obligation under HIPAA or applicable law. Not every security event constitutes a breach. We follow the risk-assessment factors set forth at 45 C.F.R. § 164.402 to determine whether an incident involving PHI constitutes a breach requiring notification.

12.3 How to Report a Suspected Incident

If you believe that Personal Data in QliniQ has been compromised, please contact security@qliniq.ai immediately. Provide as much detail as possible to assist our investigation. We do not retaliate against persons who report suspected security incidents in good faith.

13. International Data Transfers

QliniQ is headquartered in the United States, and the Services are hosted on Amazon Web Services infrastructure located in the United States. Personal Data is stored and processed in the United States. By using the Services, you understand that your Personal Data may be transferred to and processed in the United States, which may have data-protection laws different from those of your country.

When Personal Data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States, QliniQ implements safeguards required by applicable law, which may include the European Commission Standard Contractual Clauses (the “EU SCCs”), the United Kingdom International Data Transfer Addendum, the Swiss-specific addendum to the EU SCCs, and supplementary measures consistent with the EDPB recommendations on transfer impact assessments. We will provide a copy of the applicable transfer mechanism upon request submitted to privacy@qliniq.ai.

QliniQ does not currently rely on the EU-U.S. Data Privacy Framework, the U.K. Extension to that Framework, or the Swiss-U.S. Data Privacy Framework as a transfer mechanism. We will update this Policy if our practices change.

14. Your Privacy Rights and Choices

Depending on the jurisdiction in which you reside and your relationship with QliniQ, you may have the rights described below. Where two or more sets of rights apply, we will honor the rights that are most protective of you. QliniQ does not discriminate against you for exercising any of these rights.

Important: How QliniQ Receives Privacy Requests

QliniQ processes most Personal Data on behalf of its Subscribers as a Service Provider, Processor, or Business Associate. If your Personal Data is held by QliniQ because you are a patient, attorney portal user, partner contact, or other End User of a Subscriber, please direct privacy requests to that Subscriber, who is the controller / Covered Entity for your data. QliniQ will support and assist the Subscriber in responding to your request as required by our agreements and applicable law.

For Personal Data that QliniQ collects directly as a controller — such as visitor data on www.qliniq.ai, sales and marketing inquiries, and Authorized User account information — submit your request directly to QliniQ using the methods in Section 16.

14.1 Universal Rights Available to All End Users

Regardless of your jurisdiction, QliniQ offers the following choices to all End Users:

  • Marketing email opt-out: use the unsubscribe link at the bottom of any marketing email, or email privacy@qliniq.ai.
  • SMS opt-out: reply STOP to any SMS message to unsubscribe from that messaging program. See Section 18 for details.
  • Cookie preferences: use the cookie preference banner or the “Cookie Preferences” link in the Site footer.
  • Account access and update: Authorized Users can view and update much of their account information directly within the Platform under “Settings.”
  • Account deletion: Authorized Users may request account deletion through their organization’s administrator. Subscriber administrators may request account deletion by contacting privacy@qliniq.ai.

14.2 U.S. State Privacy Rights

If you are a resident of a U.S. state with a comprehensive consumer privacy law, you may have the rights described below. The applicability of each right is determined by the law of the state in which you reside and the nature of your relationship with QliniQ.

Right | Description | States Where Available
Right to Know / Access | Confirm whether we process Personal Data about you, and obtain access to that data and the categories of sources, business purposes, and recipients. | CA, VA, CO, CT, UT, TX, FL, OR, MT, IA, TN, IN, DE, NJ, NH, MD, MN, KY, RI
Right to Delete | Request deletion of Personal Data we have collected about you, subject to legal retention obligations and other limited exceptions. | CA, VA, CO, CT, UT, TX, FL, OR, MT, IA, TN, IN, DE, NJ, NH, MD, MN, KY, RI
Right to Correct | Request correction of inaccurate Personal Data we maintain about you. | CA, VA, CO, CT, TX, FL, OR, MT, TN, IN, DE, NJ, NH, MD, MN, KY, RI
Right to Portability | Receive a copy of your Personal Data in a portable, technically feasible, readily usable format. | CA, VA, CO, CT, UT, TX, FL, OR, MT, TN, IN, DE, NJ, NH, MD, MN, KY, RI
Right to Opt Out of Sale | Opt out of the sale of your Personal Data. QliniQ does not sell Personal Data. | All applicable states
Right to Opt Out of Sharing for Cross-Context Behavioral Advertising | Opt out of the sharing of your Personal Data for cross-context behavioral advertising. QliniQ does not share Personal Data for this purpose. | CA, CO, CT, TX, FL, OR, MT, DE, NJ, NH, MD, MN, RI
Right to Opt Out of Profiling | Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. | CA, VA, CO, CT, TX, FL, OR, MT, DE, NJ, NH, MD, MN, RI
Right to Limit Use of Sensitive Personal Information | Limit our use and disclosure of SPI to purposes necessary to perform the Services, prevent fraud, and ensure security. | CA, CO, CT, TX
Right to Appeal | Appeal a denial of a privacy request. We will respond to an appeal within the period required by applicable state law (typically 45 to 60 days). | VA, CO, CT, TX, FL, OR, MT, TN, IN, DE, NJ, NH, MD, MN, KY, RI
Right to Non-Discrimination | Receive equivalent service even if you exercise your privacy rights. | All applicable states

California (CCPA / CPRA)

If you are a California resident, you have all of the rights listed in the table above. In addition, the CCPA grants you:

  • The right to know the specific pieces of Personal Information we have collected about you over the preceding twelve (12) months.
  • The right to receive disclosure of the categories of Personal Information collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom Personal Information is disclosed (this Policy provides this disclosure).
  • The right to designate an authorized agent to submit requests on your behalf, subject to verification.
  • The right to be free from retaliation for exercising your CCPA rights.

QliniQ has not sold or shared Personal Information for cross-context behavioral advertising in the preceding twelve (12) months and has no plans to do so. QliniQ has not knowingly sold or shared Personal Information of consumers under sixteen (16) years of age.

QliniQ’s “Notice at Collection” is provided through this Policy at the point of collection on the Site. The categories of Personal Information collected, sources, purposes, and disclosure recipients are set out in Sections 3, 5, and 8.

Virginia (VCDPA)

If you are a Virginia resident, you have the right to access, correct, delete, and obtain a portable copy of your Personal Data, and the right to opt out of (i) the sale of your Personal Data, (ii) targeted advertising, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. You also have the right to appeal a denial of any of these requests.

Colorado (CPA)

If you are a Colorado resident, you have the right to access, correct, delete, and obtain a portable copy of your Personal Data, the right to opt out of the sale of Personal Data, targeted advertising, and certain profiling, and the right to appeal. QliniQ honors universal opt-out mechanisms recognized by the Colorado Attorney General, including the Global Privacy Control.

Connecticut (CTDPA)

If you are a Connecticut resident, you have the rights set out in Sections 14.2 and 14.2 (Colorado), and QliniQ honors the Global Privacy Control as a valid universal opt-out mechanism.

Utah (UCPA)

If you are a Utah resident, you have the right to access, delete, and obtain a portable copy of your Personal Data, and the right to opt out of the sale of Personal Data and targeted advertising. The UCPA does not include rights of correction, profiling opt-out, or appeal.

Texas (TDPSA)

If you are a Texas resident, you have the right to access, correct, delete, and obtain a portable copy of your Personal Data, the right to opt out of the sale of Personal Data, targeted advertising, and profiling, and the right to appeal. QliniQ honors universal opt-out mechanisms.

Florida (Florida Digital Bill of Rights)

If you are a Florida resident, you have the rights provided by the Florida Digital Bill of Rights, including access, correction, deletion, portability, opt-out of sale, opt-out of targeted advertising, opt-out of profiling, and appeal. Florida residents also have specific rights regarding the use of voice and facial recognition data. QliniQ does not collect biometric voice or facial recognition data.

Oregon (OCPA)

If you are an Oregon resident, you have the rights set out in Section 14.2 above, including the right to obtain a list of specific third parties (not just categories) to which QliniQ has disclosed your Personal Data. To submit such a request, contact privacy@qliniq.ai.

Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Kentucky, and Rhode Island

If you are a resident of one of these states, you have the rights summarized in the table at the start of Section 14.2 to the extent provided by the applicable state law. Submit requests as described in Section 16.

Maryland Online Data Privacy Act (Additional Limits)

Under the Maryland Online Data Privacy Act, QliniQ does not collect, use, or share Sensitive Personal Information of Maryland residents except as strictly necessary to provide a product or service that the resident has requested. QliniQ does not sell Sensitive Personal Information of Maryland residents under any circumstance.

Minnesota Consumer Data Privacy Act (Additional Rights)

In addition to the standard rights listed above, Minnesota residents may obtain a list of the specific third parties to which QliniQ has disclosed their Personal Data, and may question the result of profiling decisions. To submit such a request, contact privacy@qliniq.ai.

14.3 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your Personal Data, subject to the conditions and limitations set forth in the applicable law:

  • Right of access: confirmation that we process Personal Data relating to you and a copy of that Personal Data, together with information about the processing.
  • Right to rectification: correction of inaccurate or incomplete Personal Data.
  • Right to erasure (“right to be forgotten”): erasure of Personal Data in the circumstances set forth in Article 17 GDPR.
  • Right to restriction of processing: restriction of processing in the circumstances set forth in Article 18 GDPR.
  • Right to data portability: receipt of Personal Data in a structured, commonly used, machine-readable format and the right to transmit that data to another controller.
  • Right to object: objection to processing based on legitimate interests, including profiling, and to direct marketing.
  • Right to withdraw consent: where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right not to be subject to solely automated decisions: the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, except as permitted by Article 22 GDPR.
  • Right to lodge a complaint: the right to lodge a complaint with a supervisory authority.

To exercise these rights, contact privacy@qliniq.ai. We will respond within one (1) month, with the possibility of an extension of two (2) months for complex requests.

Our legal bases for processing Personal Data of individuals in the EEA, UK, and Switzerland are: (i) performance of a contract with you or our Subscriber, (ii) compliance with legal obligations, (iii) our legitimate interests in operating, securing, and improving our Services (balanced against your interests and rights), and (iv) your consent where required.

14.4 Other Jurisdictions

If you reside outside the United States, the EEA, the UK, or Switzerland, you may have additional rights under your local data-protection law, including under Brazil’s LGPD, Canada’s PIPEDA, and other comparable laws. Submit requests as described in Section 16, and we will respond as required by your applicable law.

15. Non-Discrimination

QliniQ does not discriminate against End Users for exercising any of the rights described in this Policy. We will not deny you the Services, charge you different prices or rates, provide a different level or quality of Services, or suggest that you will receive a different price or quality of Services because you exercised your rights.

QliniQ does not offer financial incentives in exchange for the collection, sale, or retention of Personal Data.

16. How to Submit a Privacy Request

16.1 Submission Methods

You may submit a privacy request by any of the following methods:

  • Email: privacy@qliniq.ai (please include “Privacy Request” in the subject line).
  • Online form: https://www.qliniq.ai/privacy-request
  • Mail: QliniQ LLC, Attn: Privacy Officer, 420 Technology Parkway NW, Suite 300, Peachtree Corners, Georgia 30092, United States.
  • Toll-free telephone: available upon request through any of the methods above.

16.2 Identity Verification

To protect your Personal Data, we will verify your identity before responding to most privacy requests. The level of verification corresponds to the sensitivity of the data and the risk of unauthorized disclosure. Verification may include:

  • matching information you provide in the request to information already on file (such as name, email, organization, and account identifiers);
  • confirming the request through the email address associated with your account;
  • for sensitive requests, requiring you to log into your account or provide additional identifiers;
  • for requests submitted by an authorized agent, requiring written permission and proof of the agent’s authority.

We will not request more information than is reasonably necessary to verify your identity. Information you provide for verification is used solely for that purpose and is deleted afterward unless retention is required by law.

16.3 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Your authorized agent must provide:

  • a written, signed authorization that authorizes the agent to act on your behalf, or a power of attorney granted under applicable state law;
  • proof of the agent’s identity;
  • confirmation from you that you have authorized the agent’s request, except where applicable law does not require it.

16.4 Response Times

Jurisdiction or Law | Response Window
CCPA / CPRA (California) | Acknowledge within 10 business days; respond within 45 calendar days, with one extension of up to 45 additional calendar days.
VCDPA, CPA, CTDPA, UCPA, TDPSA, FDBR, OCPA (Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, and similar states) | Respond within 45 calendar days, with one extension of up to 45 additional calendar days.
GDPR / UK GDPR (EEA, UK, Switzerland) | Respond within 1 month, with extension of up to 2 additional months for complex requests.
HIPAA (where applicable) | For PHI requests, the responsible Covered Entity (your healthcare provider) responds within 30 days, with one 30-day extension. QliniQ supports the Covered Entity within those timeframes.

16.5 Appeals

If we deny your privacy request, in whole or in part, you may appeal by replying to our denial within thirty (30) days, or by submitting a separate appeal to privacy@qliniq.ai with the subject line “Privacy Request Appeal.” We will respond to your appeal in writing within sixty (60) days (or such other period as required by applicable law), explaining the action taken and, if your appeal is denied, the reasons for the denial. If you remain dissatisfied, you may contact your state attorney general or applicable supervisory authority.

16.6 Fees

Privacy requests are free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, repetitive, or excessive, as permitted by applicable law. We will explain the basis for any such fee or refusal.

17. Telephone Calls and Call Recording

QliniQ may record calls made to or from our sales, support, and account-management teams for quality assurance, training, dispute resolution, and security purposes. Where call recording is required by law to be disclosed in advance, you will be notified at the start of the call and given the option to decline. We do not record calls in jurisdictions where it would be unlawful to do so without all-party consent unless we have obtained that consent.

Call recordings that contain Personal Data are stored on encrypted infrastructure, accessible only to authorized personnel with a business need, and retained in accordance with our retention schedule (typically not more than three (3) years from the date of the call, unless required for an active legal matter).

We do not record routine calls between Authorized Users and patients made through the Platform, nor do we record telephone calls between law firm Authorized Users and their clients. QliniQ does not provide a call-center service to Subscribers.

18. SMS / Text Messaging Communications

18.1 Programs Operated by QliniQ

QliniQ may send SMS or text messages to End Users who have provided prior express written consent in compliance with the Telephone Consumer Protection Act (“TCPA”), the rules of the Federal Communications Commission, the Cellular Telecommunications and Internet Association (“CTIA”) guidelines, and applicable state law. We operate the following SMS programs:

  • Account and Service Notifications: one-time codes, security alerts, billing notifications, and similar transactional messages sent to Authorized Users.
  • Marketing and Promotional Messages: product news, event invitations, and similar messages, sent only to recipients who have separately opted in.

18.2 Programs Operated by Subscribers Using QliniQ

Subscribers may use QliniQ to send SMS messages to their patients, leads, and partners (for example, appointment reminders, follow-up communications, and treatment notifications). When a Subscriber sends SMS through the Platform, the Subscriber is the sender and is responsible for obtaining all required consent and for compliance with the TCPA, CTIA guidelines, and applicable law. QliniQ provides tools (such as opt-in capture, automatic STOP handling, and audit logs) to support Subscriber compliance, but the Subscriber remains the responsible party for messaging it initiates.

18.3 Consent, Frequency, and Disclosures

When you provide consent to receive SMS messages from a QliniQ program, the consent flow will disclose:

  • the program description and the types of messages you will receive;
  • the typical message frequency (which may vary based on appointment schedule and clinic communication preferences for Subscriber-operated programs);
  • that message and data rates may apply depending on your mobile carrier and plan;
  • how to opt out and how to obtain help;
  • a link to this Privacy Policy and the applicable Terms of Service.

18.4 Opting Out and Getting Help

You may opt out of any QliniQ SMS program at any time by replying STOP, END, CANCEL, UNSUBSCRIBE, or QUIT to any message from that program. After you opt out, you will receive one final confirmation message and no further marketing or promotional messages from that program. You may continue to receive transactional messages necessary to deliver the Services or required for legal or safety purposes (for example, fraud alerts), and you may opt out of those by closing your account.

Reply HELP at any time for assistance, or contact support@qliniq.ai.

18.5 Sharing of SMS Consent and Opt-In Data

QliniQ SMS Consent Commitment

QliniQ does not sell, rent, share, or otherwise disclose your mobile telephone number, SMS opt-in data, or SMS consent records to third parties for marketing or promotional purposes. SMS consent and opt-in data are shared only with the Service Providers necessary to deliver the messaging program (such as our messaging aggregator, telecommunications carriers, and cloud hosting providers), and only for the purpose of delivering the program.

Mobile information collected for SMS programs is not transferred to third parties for any purpose other than the operation of the SMS service.

19. Children’s Privacy and Information About Minors

19.1 Our Site Is Not Directed at Children

The QliniQ Site at https://www.qliniq.ai is intended for business users (clinic owners, administrators, clinical staff, and law firm professionals). The Site is not directed to children under the age of thirteen (13), and we do not knowingly collect Personal Data from children under thirteen (13) on the Site. The Site is not directed to or intended for use by minors under the age of eighteen (18). If we learn that we have inadvertently collected Personal Data from a child under thirteen (13), we will delete that data promptly. To report such a collection, contact privacy@qliniq.ai.

Consistent with the Children’s Online Privacy Protection Act (“COPPA”), QliniQ does not engage in any practices that would require parental notice or consent under COPPA on the Site.

19.2 Information About Minors Entered by Subscribers Into the Platform

Personal injury medical clinics legitimately treat minor patients (for example, a minor injured in a motor-vehicle accident or other incident). When a Subscriber enters Personal Data of a minor patient into the Platform in the course of providing healthcare services, that data is PHI and is governed by HIPAA, applicable state law (including state laws governing healthcare for minors), and the Subscriber’s Notice of Privacy Practices.

QliniQ processes such data on behalf of the Subscriber under a Business Associate Agreement. QliniQ does not use minors’ Personal Data for any marketing purpose. QliniQ does not sell or share minors’ Personal Data. To exercise rights regarding a minor patient’s information, contact the minor’s healthcare provider; the provider will work with QliniQ as needed to fulfill the request.

19.3 Special Protections for Minors Under Sixteen (16)

Where applicable state or federal law (including the CCPA as it applies to minors aged 13–16) requires opt-in consent before selling or sharing the Personal Data of minors, QliniQ does not sell or share Personal Data and therefore does not require such opt-in. We will continue to apply heightened protection to minors’ Personal Data consistent with applicable law.

20. Accessibility

QliniQ is committed to providing a Site and Services that are accessible to people with disabilities. We strive to conform our Site to Level AA of the Web Content Accessibility Guidelines (WCAG) 2.1 published by the World Wide Web Consortium. We continuously work to improve accessibility and welcome feedback. If you have difficulty accessing any portion of the Site or this Privacy Policy, or if you would like to receive this Policy in an alternative format, please contact accessibility@qliniq.ai or any of the contact points in Section 23.

21. Third-Party Links and Services

The Site and Services may contain links to websites, plug-ins, applications, or services operated by third parties, and may integrate with third-party services that you or a Subscriber authorize. QliniQ is not responsible for the privacy practices of any third party. We encourage you to review the privacy policy of every third-party site or service you visit or authorize.

22. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, our Services, or applicable law. When we update this Policy:

  • We will post the updated Policy at https://www.qliniq.ai/privacy-policy with a revised “Last Updated” and “Effective Date”;
  • For material changes, we will provide advance notice by email to account administrators and by an in-product notification at least thirty (30) days before the changes take effect, unless a shorter notice period is required or permitted by law;
  • We will obtain your consent to material changes where required by applicable law;
  • Your continued use of the Site or Services after the Effective Date of an updated Policy constitutes your acceptance of the updated Policy, except where additional consent is required by law.

We maintain prior versions of this Policy in our records and will provide a copy of a prior version upon request to privacy@qliniq.ai.

23. Contact Us

If you have questions, comments, or concerns about this Privacy Policy, or if you wish to exercise any of your privacy rights, please contact us using one of the following methods.

Topic | How to Reach Us
Privacy Inquiries | privacy@qliniq.ai
Security Concerns | security@qliniq.ai
Customer Support | support@qliniq.ai
Accessibility | accessibility@qliniq.ai
Mailing Address | QliniQ LLC, Attn: Privacy Officer, 420 Technology Parkway NW, Suite 300, Peachtree Corners, Georgia 30092, United States
EU / UK Representative | If required, an EU representative under Article 27 GDPR or a UK representative under Article 27 UK GDPR will be designated and identified at https://www.qliniq.ai/eu-representative.

23.1 Data Protection Officer

QliniQ has appointed a Privacy Officer responsible for overseeing our privacy program and HIPAA compliance. To reach the Privacy Officer, write to privacy@qliniq.ai or to the mailing address above.

23.2 Filing a Complaint with a Regulator

If you believe that we have not addressed your concern adequately, you may file a complaint with the appropriate regulator:

  • U.S. Department of Health and Human Services Office for Civil Rights (for HIPAA matters): https://www.hhs.gov/ocr/
  • Federal Trade Commission (for consumer-protection matters): https://reportfraud.ftc.gov
  • California Privacy Protection Agency (for CCPA matters): https://cppa.ca.gov
  • Your state attorney general (for state privacy law matters)
  • Your supervisory authority under the GDPR (for EEA / UK / Swiss matters); a list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en