
Privacy Policy

Effective Date:

Clareo (“Clareo,” “we,” “us”) helps patients and caregivers turn medical conversations into clear summaries and next steps. Privacy and trust are core to that mission.

This Privacy Policy explains what information we collect, how we use it, how we share it, and your choices.

Key points

  • You control sharing. We do not share your identifiable health information with other people or organizations for their own independent use unless you choose to share it. We do share information with service providers that help us operate Clareo under contractual restrictions.
  • No third-party model training on your identifiable data. We do not allow our AI vendors to use your Personal Data to train their models.
  • We protect sensitive health data with strong security. We use encryption at rest and apply additional protections for sensitive content like recordings and transcripts.
  • You can delete your data. You can request deletion of your account and associated content. We explain what deletion means (including backups) below.
  • You are responsible for how you use and share your information. Clareo provides tools, but you control your data and decisions.

1) What this Privacy Policy covers

This Privacy Policy covers how we handle Personal Data we collect when you use Clareo’s apps and websites (the “Services”). It does not cover third-party services we don’t own or control.

Personal Data means information that identifies or can reasonably be linked to you. Some Personal Data in Clareo may be sensitive (for example, health-related information).

Clareo may introduce features that allow users to invite others or share access to their content. In those cases, additional controls and disclosures may apply.

2) Important note about HIPAA

When we provide the Services directly to consumers, we generally are not acting as a HIPAA covered entity or business associate. That means HIPAA’s Notice of Privacy Practices does not automatically apply to Clareo. If we offer a separate product or pilot where we act on behalf of a healthcare provider or health plan (for example, under a business associate agreement), different terms and notices may apply to that program.

Even so, we treat your health-related information as highly sensitive and apply strong privacy and security practices designed for healthcare-adjacent use cases.

3) Information we collect

  1. Information you provide
    1. Account data: name (optional), email, password (stored using secure hashing), and preferences
    2. User content: recordings, uploaded audio, transcripts, notes, edits, tags, and other information you choose to store in Clareo
    3. Support communications: messages you send to support, surveys, and feedback you provide (including thumbs up/down on summaries, if available)
  2. Information we generate to provide the service
    1. AI outputs: summaries, “next steps,” suggested questions, structured data fields, and other derived content generated from your recordings/transcripts/notes
    2. Product signals: diagnostics that help us detect errors and improve reliability (for example, whether a transcription failed)
  3. Information collected automatically
    1. Device & usage data: IP address, device type, browser/app version, approximate location derived from IP, and app interaction logs
    2. Cookies / similar technologies (website): used for essential functionality and analytics (see “Cookies” below)
  4. Payment data (if you subscribe)
    1. If you purchase a subscription, payment is processed by a third-party payment processor (for example, Stripe). We receive limited billing signals (such as subscription status and timestamps) but do not store full payment card numbers.

4) How we use your information

We use Personal Data to:

  1. Provide the Services
    1. Create and manage your account
    2. Record, upload, store, and display your notes and appointment content
    3. Generate transcripts and summaries and present them back to you
  2. Improve safety, reliability, and performance
    1. Debug, monitor, and prevent abuse
    2. Improve transcription and summarization quality
    3. Conduct internal analytics to improve the product
  3. Communicate with you
    1. Send account notices, service updates, security alerts, and support messages
    2. Send product newsletters or marketing emails (you can opt out)
  4. Comply with legal obligations
    1. Address lawful requests
    2. Protect rights, safety, and integrity of our users and Services

5) AI, model training, and vendor limits

Because Clareo processes sensitive health-related content, we use strict guardrails:

  • We do not allow third-party AI providers to train their models using your Personal Data.
  • We use AI vendors and infrastructure providers only under agreements that restrict use of your data to providing services to Clareo.
  • Where available, we configure AI processing to minimize retention by vendors.

Clareo product improvement:

We may use aggregated or de-identified information to understand product performance and improve Clareo (for example, error rates, general feature usage patterns). We do not use identifiable recordings, transcripts, or health content to train third-party AI models.

If we ever introduce an optional program that uses de-identified content for model improvement in a broader way, we will (a) clearly disclose it, and (b) provide an easy opt-out.

6) How we share information

  1. Sharing you control
    1. Clareo shares your information when you choose to share it, such as:
      1. Sharing a note or summary with a caregiver, family member, or clinician
      2. Inviting another person to view specific content
    2. You are responsible for confirming the recipient is someone you trust.
      1. Once you choose to share your information, Clareo does not control how those recipients use, store, or further share that information.
      2. Those individuals or organizations may be subject to their own privacy practices and obligations, which may differ from Clareo’s.
    3. Clareo is not responsible for the actions or practices of third parties you choose to share information with.
  2. Service providers (“processors”)
    1. We share Personal Data with vetted vendors that help us operate the Services, such as:
      1. Cloud hosting and storage providers
      2. AI and transcription processors
      3. Customer support tools
      4. Security monitoring and fraud prevention
      5. Payment processing (for subscriptions)
    2. These providers are contractually restricted to using your data only to provide services to Clareo.
    3. Key service providers (as of 3/25/26) include:
      1. Vercel [Hosting and AI Gateway provider]
      2. Cloudflare [CDN/DNS provider]
      3. Anthropic (Claude) [LLM vendor - Primary]
      4. OpenAI [LLM vendor - Secondary]
      5. Deepgram [Transcription vendor]
      6. Neon [Database provider (PostgreSQL hosting)]
      7. Redis Labs [Caching provider]
      8. Sanity [Content Management System vendor]
      9. Resend [Email service provider]
      10. Telnyx [SMS provider]
      11. Stripe [Payment processor]
  3. Legal and safety disclosures
    1. We may share information if we believe it is reasonably necessary to:
      1. Comply with law or valid legal process
      2. Protect the safety of users or the public
      3. Prevent fraud, abuse, or security incidents
      4. Enforce our terms and policies
  4. Business transfers
    1. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, Personal Data may be transferred as part of that transaction. We will provide notice if your information becomes subject to a materially different privacy policy.
    2. We do not sell your Personal Data.
      1. We do not share Personal Data with advertisers for targeted advertising based on your health content.
      2. We do not use your health-related information for advertising purposes.

7) Cookies and analytics (website)

Our website may use cookies and similar technologies for:

  • Essential functionality (security, login, site operations)
  • Analytics (understanding website usage and improving content)

You can control cookies through your browser settings. Some cookies are necessary for the website to function.

8) Security

We use a combination of technical, administrative, and organizational safeguards designed for sensitive data, including:

  • Encryption at rest
  • Access controls (least-privilege) and audit-friendly logging
  • Monitoring, rate limiting, and security testing
  • Vendor due diligence and security requirements

No system is 100% secure. If we become aware of a security incident that affects your Personal Data, we will notify you as required by applicable law.

9) Data retention and deletion

A. Retention

We retain Personal Data for as long as needed to:

  • Provide the Services
  • Maintain account history and user content you choose to keep
  • Comply with legal obligations and resolve disputes
  • Maintain security logs and prevent fraud

B. Deletion

You can request deletion of your account and associated content by contacting privacy@clareohealth.com (or through in-app controls if available).

What deletion means:

  • We delete or de-identify your Personal Data from active systems within a reasonable timeframe.
  • Some information may remain in backup systems for a limited period, then be overwritten as part of normal backup cycles.
  • We may retain certain records if required by law or to address fraud/security issues.
  • Deletion requests are processed within a reasonable timeframe, typically within 30 days, unless a longer period is required for legal or technical reasons.
  • Deletion does not remove data you have shared with others or that others have copied.

10) Your choices and rights

Depending on where you live, you may have rights to:

  • Access your Personal Data
  • Correct or update information
  • Delete your account and content
  • Object to or restrict certain processing
  • Opt out of marketing emails

To exercise these rights, contact privacy@clareohealth.com. We will verify your request and respond within the timelines required by applicable law.

11) Recording and consent reminders

If you record conversations through Clareo, you are responsible for complying with applicable laws and obtaining any required consent from other participants. Recording laws vary by jurisdiction.

We aim to provide reminders and may implement location-based warnings.

Clareo does not monitor or verify whether consent has been obtained.

12) Children’s privacy

Clareo may be used to support pediatric health journeys. However, accounts must be created and managed by a parent or legal guardian when used for individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). In those scenarios, Clareo is a guardian-controlled tool, not a child-directed app.

We do not knowingly collect Personal Data directly from children without appropriate parental involvement. Any information related to a minor should be provided and managed by a parent or legal guardian.

If you believe that a child has provided Personal Data to Clareo without appropriate parental consent, please contact us and we will take steps to delete that information.

13) International users

If you access Clareo from outside the United States, your Personal Data may be processed and stored in the U.S. and other countries where we and our service providers operate. These countries may have different data protection laws than your country of residence.

14) Changes to this policy

We may update this Privacy Policy from time to time. If we plan to collect, use, or share new categories of consumer health data, or use consumer health data for new purposes, we will update this policy and obtain affirmative consent before doing so where required by law (for example, by email or in-app). Your continued use of the Services after the effective date means you accept the updated policy.

Contact us

Email: privacy@clareohealth.com

Mailing address: 249 Richmond Rd., Williamsburg, VA 23185