Skip to main content

Privacy Policy

How CurerTech collects, uses, and protects data across our website and our platform, including the protected health information we handle on behalf of the clinics we serve.

01

Introduction

CurerTech provides an all-in-one EMR, RCM, and CRM platform to U.S. healthcare clinics. This policy explains how we handle personal data, and it applies to two distinct kinds of information that work differently under the law. Read Section 2 first, because the rest of this policy depends on the distinction it draws.

CurerTech is based in Chicago, Illinois, and serves clinics in the United States. This policy is written for U.S. privacy and healthcare law.

02

The two kinds of data we handle

Website & marketing data - CurerTech is the controller

Information from people who visit curertech.com, request a demo, or contact us. We decide how this data is used, and the rest of this policy (Sections 3 through 5, and Sections 7 through 13) governs it.

Clinical data (PHI), where CurerTech is a business associate.

Protected health information that lives in the platform belongs to the clinic, not to us. Clinics are the covered entities under HIPAA; CurerTech processes this data only as a business associate, under a signed Business Associate Agreement (BAA) and under each clinic's instructions. Section 6 covers this in full.

03

Information we collect (website & marketing)

When you use our website or contact us, we may collect:

  • Contact details you provide - name, work email, phone number, clinic name, and role
  • The content of demo requests, support queries, and messages you send us
  • Device and usage data - IP address, browser type, pages visited, and referring links
  • Chat assistant - when you chat with our on-site assistant ("Genie"), we keep a record of your conversation, along with some standard technical details such as your IP address and approximate location, device and browser, language, and the page you were on. This helps us understand how the assistant is used and continually improve our product and your experience.

We do not ask for patient health information through our website, and you should not send it to us by email, web form, or the chat assistant.

04

How we use website & marketing data

We do not sell personal data. We share it only as needed to run our business and serve our clinics:

  • Respond to demo requests, questions, and support enquiries
  • Operate, secure, and improve our website, marketing, and chat assistant
  • Send updates you have asked to receive, and let you opt out at any time
  • Meet our legal, tax, and regulatory obligations

We do not sell your personal data, and we do not use it for automated decisions that produce legal effects.

05

Cookies and analytics

Our public website uses cookies and third-party analytics to understand how the site is used and to improve it. You can control cookies through your browser settings, and where required we ask for your consent before non-essential cookies are set.

We do not place third-party advertising or tracking pixels on patient-facing parts of the platform, and analytics on the marketing site is kept separate from any environment that holds protected health information.

06

Clinical data, HIPAA, and Part 2 confidentiality

Protected health information entered into the CurerTech platform is owned and controlled by the clinic that uses our software. CurerTech accesses it only to provide and support the platform, as a business associate under a BAA, and we follow the HIPAA Privacy and Security Rules in that role.

Because the clinic is the covered entity, patients exercise their privacy rights - such as access to records, amendment, or restriction - directly through their clinic, not through CurerTech. If a patient contacts us about their records, we direct them to their care provider.

Many of the clinics we serve deliver substance use disorder treatment. Records from those programs carry an added layer of federal confidentiality protection under 42 CFR Part 2, and we configure and handle that data to support our clinics' obligations under that rule.

07

How we share data

We do not sell personal data. We share it only as needed to run our business and serve our clinics:

  • Vetted service providers (subprocessors) who work under contract and confidentiality terms
  • Authorities or regulators when the law requires it, or to protect rights and safety
  • Partners and systems you choose to connect to, at your direction

Any sharing of protected health information is governed by the BAA with the clinic, not by this section.

08

Data retention

We keep website and marketing data only as long as needed for the purposes above or to meet legal requirements, then delete or de-identify it. Clinical data is retained, returned, or destroyed according to the clinic's instructions and the terms of the BAA.

Website chat assistant conversations - including the messages exchanged and the associated technical metadata (such as IP address and approximate location) - are retained indefinitely so we can analyze and improve the assistant and our services. You may contact us to request deletion of a conversation, subject to our legal and operational requirements.

09

Data security

We protect data with technical and organizational measures including encryption in transit and at rest, role-based access controls, audit logging, and regular security reviews. CurerTech maintains SOC 2 Type II, ISO/IEC 27001, and ONC Health IT certification. You can read more on our security page.

10

Your privacy rights

Website & marketing data

You may ask us to access, correct, or delete the personal data we hold about you, and to stop marketing contact. Residents of California and other states with privacy laws have additional rights, including the right to know what we collect and to opt out of any sale or sharing - we do not sell personal data. To make a request, contact us using the details in Section 14.

Patient health information

Rights over health records held in the platform are exercised through your clinic, which controls that data as the covered entity.

11

Data breach notification

If a security incident affects personal data we control, we will notify affected parties and regulators as required by law. For incidents involving protected health information, we follow the breach notification terms of the BAA and the HIPAA Breach Notification Rule, working with the affected clinic.

12

Children's privacy

Our website is intended for clinic owners, operators, and clinicians, and is not directed to children. Any health information about minors that a clinic enters into the platform is handled under that clinic's direction and applicable law.

13

Changes to this policy

We may update this policy as our platform, our practices, or the law changes. The current version is always posted here, with the effective date below. We encourage you to review it from time to time.

14

Contact us

For questions about this policy or to make a privacy request, contact us here or reach us at:

CurerTech
1132 South Wabash Avenue, Ste 504, Chicago, IL 60605
+1 (940) 843-3708
support@curertech.com

Last updated: 06/25/2026

This Privacy Policy is effective as of the date above and governs your use of CurerTech's website and platform.