Privacy Policy

1. Overview

This Privacy Policy explains how Cicini collects, uses, stores, and protects information when you use our Platform.

We are committed to privacy-by-design and data minimization principles.

2. Information We Collect

2.1 Account and Organization Information

• Organization name
• User identifiers (internal IDs)
• Roles and permissions
• Contact information provided during onboarding

2.2 Usage and Telemetry Data

We collect limited, non-content usage data to operate and protect the Platform, including:

• Feature usage counts
• System interactions
• Aggregated usage metrics

This data does not include message content, customer communications, or appointment details.

2.3 Audit and Security Information

For security and compliance purposes, we record audit events such as:

• Login and authentication activity
• Administrative actions
• Permission changes
• System access attempts

Audit records may include:

• Timestamp
• Action type
• Internal user or system identifier
• Organization identifier
• Masked or hashed IP address
• General device or browser category

We do not store full IP addresses or full browser fingerprints long-term.

2.4 Technical Information

We may collect limited technical data such as:

• Approximate geographic region (e.g., country)
• Device type (desktop, mobile)
• Browser family and operating system

This information is used solely for security, diagnostics, and performance optimization.

3. What We Do NOT Collect

Cicini does not intentionally collect or store:

• Patient names or medical information
• Message or notification content
• Phone numbers or email addresses in audit logs
• Full IP addresses beyond short-term security use
• Detailed browsing behavior for advertising purposes

4. How We Use Information

We use collected information to:

• Provide and operate the Platform
• Enforce usage limits and plan allowances
• Maintain security and prevent abuse
• Monitor system performance
• Meet compliance and audit obligations
• Improve reliability and functionality

We do not sell personal data.

5. Third-Party Processors

Cicini uses trusted third-party providers to deliver the Platform. These providers may process data on our behalf under contractual confidentiality and security obligations.

Examples include:

• Cloud infrastructure providers
• Messaging and email services
• Payment processors
• Monitoring and logging services

Data shared with third parties is limited to what is necessary to perform the service.

6. Data Retention

We retain information only as long as necessary:

• Audit and security logs: retained according to legal and compliance requirements
• Usage metrics: retained in aggregated form
• Raw technical identifiers (e.g., IP addresses): retained for a short period or masked/anonymized

Retention periods may vary based on regulatory obligations.

7. Security

We implement administrative, technical, and organizational safeguards to protect information, including:

• Encryption at rest and in transit
• Access controls and role-based permissions
• Monitoring and incident response procedures

8. VPNs and Location Data

Users may access the Platform using VPNs or similar technologies. Cicini does not block VPN usage.

Location and IP-related data is treated as a security signal only and is not used to track individual behavior.

9. Your Rights

Depending on your jurisdiction, you may have rights regarding your information, including:

• Access
• Correction
• Deletion
• Restriction of processing

Requests can be submitted to support@cicini.com.

10. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with a revised effective date.

11. Contact

For privacy questions or requests, contact: