Privacy Policy

OphthoFlow AI ("OphthoFlow," "we," "us," or "our") provides AI-powered practice automation and patient engagement tools to ophthalmology practices. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

This policy applies to ophthoflow.ai and to the SMS text-message services we operate on behalf of ophthalmology practices.

1. Who we are

OphthoFlow AI is operated by Beyond The Checkout Inc., a Delaware corporation. You can reach us at privacy@ophthoflow.ai.

2. Information we collect

Information you or your practice provides

• Contact details: name, mobile phone number, and email address when a practice enrolls you in appointment reminders or when you contact us.
• Appointment information: appointment date, time, provider name, and general visit type, as shared by your eye care practice so we can send your reminders.
• Consent records: the date, time, and method by which you opted in to receive text messages, and any opt-out requests you make.

Information collected automatically

• Message delivery data: from our SMS provider (Twilio) — delivery status, error codes, and carrier metadata for each message. This data does not contain the message body on our servers beyond operational logs needed for support.
• Website analytics: standard server and browser logs when you visit ophthoflow.ai, including IP address, browser type, and pages visited.

3. SMS text messaging

When you are enrolled in SMS appointment reminders:

• You will receive up to four (4) messages per month related to your appointments (reminders, confirmation requests, and time-sensitive updates).
• Message and data rates may apply, depending on your mobile plan.
• You can reply STOP at any time to unsubscribe, or reply HELP for assistance.
• See our full SMS Consent page for the consent script and sample messages.

4. How we use information

• To deliver appointment reminders and related messages you or your practice have enrolled you in.
• To operate, maintain, and improve the OphthoFlow services.
• To respond to your questions and support requests.
• To comply with our legal obligations and enforce our Terms of Service.

We do not use your contact information for our own marketing, and we do not sell your personal information.

5. How we share information

We share personal information only in these limited circumstances:

• Service providers: infrastructure, SMS delivery (Twilio), and cloud hosting (AWS) providers who process information on our behalf under written contracts that restrict their use of your data.
• Your eye care practice: the practice that enrolled you in reminders receives delivery status and opt-in/opt-out records so they can support you.
• Legal and safety: when required by law, valid legal process, or to protect the rights, property, or safety of OphthoFlow, our customers, or others.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to the protections in this policy.

6. HIPAA and protected health information

When OphthoFlow processes protected health information (PHI) on behalf of a covered-entity practice, we act as a Business Associate under HIPAA and are bound by a written Business Associate Agreement (BAA) with that practice. Our use and disclosure of PHI is limited by that BAA and by applicable law.

7. How long we keep information

We retain personal information only as long as needed for the purposes described in this policy:

• SMS consent records and message logs: retained for two (2) years after your last interaction with us, unless a longer period is required by law.
• Contact and appointment information: retained for as long as your practice has enrolled you, and up to two (2) years after your last interaction.
• Website analytics: retained in summarized form for up to 13 months.

8. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit and at rest, access controls, and monitoring. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your choices and rights

• Opt out of SMS: reply STOP to any OphthoFlow text message at any time.
• Access, correction, and deletion: you may request a copy of the personal information we hold about you, ask us to correct it, or ask us to delete it, by emailing privacy@ophthoflow.ai.
• State privacy rights: residents of certain U.S. states may have additional rights under applicable state privacy laws. Contact us to exercise them.

10. Children

OphthoFlow services are intended for use by adults. We do not knowingly collect personal information from children under 13. If a parent or guardian has enrolled a minor in appointment reminders, the parent or guardian remains the point of contact and may opt the minor out at any time.

11. International users

OphthoFlow is operated from the United States and is intended for use by U.S. practices and their patients. If you access our services from outside the U.S., your information will be processed in the U.S.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version at this URL and update the "Effective date" above. Material changes will be communicated where we have the ability to reach you directly.

13. Contact us