Privacy Policy

Last updated: February 26, 2026

Introduction

At Slotvise, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated revenue rescue platform. We are committed to protecting your data and complying with HIPAA, TCPA, GDPR, and all applicable privacy regulations.

Information We Collect

Personal Information
  • Name and contact information
  • Practice details and credentials
  • Billing and payment information
  • Communication preferences

Patient Data
  • Appointment information
  • Contact details for notifications
  • Communication history

How We Use Your Information

  • To provide and maintain our services
  • To send appointment notifications
  • To process payments and billing
  • To improve our platform and services

Data Protection

We implement industry-standard security measures including encryption, access controls, and regular security audits to protect your information. All patient data is handled in compliance with HIPAA, TCPA, and GDPR requirements.

HIPAA Compliance (Healthcare Customers)

For healthcare customers, we comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Appointment reminders and notifications are permitted under the Treatment, Payment, and Operations (TPO) exception.

  • We sign Business Associate Agreements (BAAs) with covered entities
  • We limit message content to appointment information only (no diagnostic details, treatment plans, or medical history)
  • We maintain administrative, physical, and technical safeguards
  • We conduct regular risk assessments and security audits
  • We provide breach notification within 60 days as required by HIPAA
  • We train all employees on HIPAA requirements annually

TCPA Compliance (SMS Messaging)

We comply with the Telephone Consumer Protection Act (TCPA) for all SMS communications sent within the United States. This law requires explicit consent before sending marketing or informational text messages.

  • We require explicit opt-in consent before sending any SMS messages to patients
  • Every SMS message includes clear opt-out instructions (e.g., 'Reply STOP to opt-out')
  • We honor opt-out requests immediately and remove users from future messaging
  • We maintain detailed consent records for audit purposes
  • We only send messages during reasonable hours (8 AM - 8 PM local time)
  • We do not send marketing messages without separate explicit consent

GDPR Compliance (EU Customers)

For customers in the European Union, we comply with the General Data Protection Regulation (GDPR). We implement privacy by design principles and provide comprehensive data subject rights.

  • We collect only data necessary for our services (data minimization)
  • We provide clear, transparent information about data processing
  • We obtain explicit consent for processing personal data
  • We respect your right to access, correct, and delete your data
  • We support data portability requests
  • We implement appropriate technical and organizational measures
  • We provide breach notification within 72 hours when required
  • We offer EU data residency options where applicable

Consent Management

We maintain a robust consent management system to ensure all communications comply with applicable regulations.

  • Patients must opt in to receive SMS notifications
  • Consent is captured with timestamp and IP address for audit trails
  • Users can withdraw consent at any time through our platform or by replying STOP
  • We track consent status for each contact
  • We automatically stop messaging when consent is withdrawn
  • We provide consent history to account administrators

Data Minimization

We follow data minimization principles across all our services to reduce risk and comply with privacy regulations.

  • SMS messages contain only appointment time, date, and practice name
  • No medical diagnosis, treatment details, or health information in text messages
  • We collect only information necessary to provide our services
  • We automatically delete data after retention periods expire
  • We provide clear data retention policies to customers

Your Rights

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

Contact Us

Questions about this Privacy Policy? Our legal team is here to help you understand how we protect your practice and patients.