Enterprise Privacy Policy

Last Updated: 20th Feb 2026

This Privacy Policy explains how EZAppointo ("EZAppointo," "we," "us," or "our") collects, uses, processes, discloses, and protects personal information and Protected Health Information ("PHI") in connection with the EZAppointo platform, including scheduling, messaging, and telehealth video consultation services (the "Platform").

EZAppointo is designed to meet healthcare privacy expectations and incorporates administrative, technical, and operational safeguards.

1. ROLE OF EZAPPOINTO

EZAppointo provides software infrastructure for healthcare Providers.

  • Providers are the data controllers of patient medical and appointment data.
  • EZAppointo acts as a data processor or service provider.

EZAppointo is NOT a healthcare provider and does not diagnose, treat, or provide medical care.

2. INFORMATION COLLECTED

Patient Data:

  • Name, phone number, email
  • Appointment date, time, provider, location
  • Intake information entered by Provider
  • Communications metadata

Provider Data:

  • Provider name, clinic name, contact information
  • Account credentials
  • Scheduling configurations

Technical Data:

  • IP address
  • Device identifiers
  • Log activity

Payment Data:

  • Stripe payment tokens
  • Subscription billing information
  • Transaction metadata

EZAppointo does NOT store full credit card numbers.

Video Consultation Data:

  • Session timestamps
  • Connection diagnostics
  • In-session communications

Sessions are NOT recorded by default.

3. PROTECTED HEALTH INFORMATION (PHI)

EZAppointo may process PHI on behalf of Providers.

EZAppointo implements safeguards including:

  • Access control restrictions
  • Encryption in transit
  • Authentication protections
  • Monitoring and logging

Providers are responsible for determining PHI content entered into the system.

4. HIPAA COMPLIANCE AND BUSINESS ASSOCIATE ROLE

Where applicable under U.S. law, EZAppointo may function as a Business Associate.

Providers must execute a Business Associate Agreement where required.

EZAppointo processes PHI solely to provide Platform services and does not use PHI for advertising or resale.

Providers are responsible for HIPAA compliance in their clinical workflows.

5. SMS REMINDERS AND COMMUNICATION

EZAppointo may send appointment reminders via SMS.

Providers are responsible for obtaining consent.

Patients may opt out by replying STOP.

SMS is transmitted through telecommunications providers and delivery cannot be guaranteed.

6. VIDEO CONSULTATION SECURITY

Video consultations are transmitted securely.

EZAppointo does not record consultations unless explicitly enabled.

Providers are responsible for obtaining patient consent before recording.

EZAppointo is not responsible for third-party interception caused by insecure networks.

7. PAYMENT PROCESSING (STRIPE)

Payments are processed by Stripe.

Stripe independently handles payment card information.

EZAppointo does not store sensitive card numbers.

Stripe's privacy and security policies govern payment processing.

8. THIRD-PARTY INTEGRATIONS

EZAppointo may integrate with:

  • Stripe
  • eClinicalWorks
  • Tebra
  • Messaging providers

Data shared with integrations is limited to operational necessity.

Providers control integration settings.

EZAppointo is not responsible for third-party system security.

9. DATA SECURITY SAFEGUARDS

EZAppointo uses:

  • Access controls
  • Encryption
  • Monitoring systems
  • Secure infrastructure

However, no system is 100% secure.

Users are responsible for protecting login credentials.

10. DATA RETENTION

Data is retained only as necessary for operational, contractual, and legal purposes.

Providers are responsible for medical record retention requirements.

11. BREACH NOTIFICATION

If EZAppointo becomes aware of a confirmed unauthorized access event affecting regulated PHI, EZAppointo will notify affected Providers without unreasonable delay, consistent with applicable law and contractual obligations.

Providers are responsible for regulatory reporting and patient notification unless otherwise agreed in writing.

12. INTERNATIONAL AND NON-U.S. PROVIDERS

Providers outside the United States must comply with their local privacy laws.

EZAppointo provides reasonable safeguards but does not assume regulatory responsibility for Provider jurisdiction compliance.

13. USER RIGHTS

Users may request:

  • Access
  • Correction
  • Deletion

Requests may be sent to info@finitsystems.com.

Patients should contact their Provider for medical record requests.

14. LIMITATION OF LIABILITY RELATED TO DATA

EZAppointo shall not be liable for:

  • Provider misuse of the Platform
  • Provider PHI handling violations
  • User credential compromise
  • Third-party integration security failures
  • Telecommunication delivery failures

To the maximum extent permitted by law, liability is limited.

15. COOKIES

EZAppointo uses cookies to:

  • Maintain sessions
  • Improve performance
  • Enhance security

Users may disable cookies.

16. POLICY CHANGES

EZAppointo may update this policy.

Continued use constitutes acceptance.

17. CONTACT

EZAppointo
Email: info@finitsystems.com
Address: 45 West John Street Suite 207
Hicksville, NY 11801