Privacy Policy

Last Updated: May 6, 2026

Recepta Desk ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you visit our website or use our services.

1. Information We Collect

Information You Provide

• Contact information: name, email address, phone number, business name (for clinic clients)
• Account information: login credentials, billing details
• Communications: messages you send to us via web form, email, SMS, or chat
• Patient communication content: if you are a patient of a clinic using our services, the SMS conversation between you and the clinic flows through our systems

Information Collected Automatically

• Usage data: pages viewed, links clicked, time spent on pages
• Device data: browser type, IP address, operating system
• Cookies: see our cookie practices below

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our services
• Send appointment reminders, confirmations, and other transactional SMS messages on behalf of clinics
• Respond to inquiries and provide customer support
• Send service updates and important account notifications
• Comply with legal obligations
• Detect and prevent fraud or abuse

3. SMS Messaging Data

Phone numbers and SMS opt-in information are never shared with third parties for marketing or promotional purposes. This includes affiliates and resellers. The only sharing of phone numbers occurs with:

• The clinic on whose behalf we are sending messages (because they are the party communicating with you)
• AWS (Amazon Web Services) strictly as needed to deliver the SMS messages via AWS End User Messaging
• Law enforcement when legally required

We retain SMS conversation data for as long as necessary to provide service continuity, comply with legal requirements, and resolve disputes. You may request deletion of your data as described below.

4. How We Share Information

We share information only in these limited circumstances:

• With service providers who help us operate our business (hosting, SMS delivery, AI processing, payment processing, analytics) under confidentiality obligations
• With clinics that use our services, to enable patient communication
• For legal reasons when required by law, subpoena, or to protect our rights and safety
• In a business transfer such as a merger or acquisition, with notice to you

We do not sell personal information to third parties.

5. Data Security

We implement reasonable technical and organizational measures to protect your information, including encryption in transit and at rest, access controls, and regular security reviews. No system is perfectly secure, however, and we cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Opt out of marketing communications
• Opt out of SMS messages by replying STOP at any time

To exercise these rights, email us at privacy@receptadesk.com.

7. Cookies

We use cookies and similar technologies to make our website function and to understand usage. You can control cookies through your browser settings. Disabling cookies may affect site functionality.

8. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

9. International Users

Our services are operated from the United States. If you access our services from outside the US, your information will be transferred to and processed in the US.

10. HIPAA Business Associate Agreement & Healthcare Compliance

BAA Coverage

Recepta Desk is a HIPAA Business Associate covered under executed Business Associate Agreements (BAAs) with our infrastructure providers: Amazon Web Services (data storage, compute, and SMS) and Google Cloud (AI inference via Vertex AI). This means:

• All patient SMS messages are encrypted in transit (TLS) and at rest (AES-256)
• Patient communications, including Protected Health Information (PHI), receive healthcare-grade protection
• All message access is logged with timestamps for audit compliance
• We maintain audit trails of all data access for your compliance records

Patient Data Handling

When patients send SMS messages through a clinic using Recepta Desk:

• Message content is only decrypted for delivery to the intended clinic and for logging audit trails
• We do not analyze, sell, or share patient data with third parties
• Message retention follows your clinic's data governance policies; we can provide data export or deletion upon request
• Patient privacy is maintained through encryption, access controls, and regular security reviews

Patient Data Subject Rights

Patients have the right to:

• Request access to their SMS messages stored in our systems
• Request correction of inaccurate information
• Request deletion of their messages from our systems

To exercise these rights, patients should contact the clinic they messaged. Clinics can contact us at privacy@receptadesk.com to process patient data requests.

Your Clinic's Responsibilities

Clinics using Recepta Desk remain responsible for:

• Complying with all applicable HIPAA regulations and privacy laws
• Ensuring proper consent before sending SMS to patients
• Training staff on secure message handling practices
• Maintaining appropriate access controls over patient data
• Notifying us of any data breaches or security incidents

Shared Responsibility Model

Recepta Desk handles the technical infrastructure and security (encryption, audit logging, data retention). Your clinic handles the operational compliance (consent, staff training, access controls). Together, we ensure patient data is handled responsibly and securely.

11. Changes to This Policy

We may update this Privacy Policy. The "Last Updated" date reflects the most recent change. Material changes will be communicated via email or website notice.

12. Contact Us

Privacy questions or requests:

Recepta Desk
4214 Island Drive, North Topsail Beach, NC 28460
privacy@receptadesk.com
(703) 577-7473