ClinvoClinvo

Clinvo Privacy Policy

Last updated: June 1, 2026

1. Introduction

Clinvo ("we," "our," or "us") is a dental clinic management platform developed and operated by Clinvo LLC, based in Amman, Jordan. We are committed to protecting the privacy of clinic owners, healthcare providers, staff, and patients who use our platform.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. It applies to both clinvo.app (the application) and clinvo.co (the marketing website).

By using Clinvo, you agree to the collection and use of your information as described in this policy.

2. Who We Are

  • Company: Clinvo LLC (registration pending)
  • Service: Clinvo dental clinic management platform
  • Website: clinvo.co
  • Application: clinvo.app
  • Contact: support@clinvo.app
  • Location: Amman, Jordan

3. Information We Collect

3.1 Information provided by clinic owners and staff

When a clinic registers on Clinvo, we collect:

  • Clinic name, address, city, and contact details
  • Owner name and email address
  • Team member names, email addresses, and roles
  • Clinic working hours, appointment types, and configuration settings
  • Billing and plan information (plan type, upgrade requests)
  • Directory profile information if the clinic opts into the public directory (public phone number, clinic description, photos, and specialties)

3.2 Information provided by healthcare providers (doctors)

  • Full name, specialty, and professional details
  • Availability and schedule settings
  • Clinical notes, SOAP notes, and AI Scribe transcriptions
  • Treatment plans and patient photos uploaded during clinical sessions
  • Blocked time and vacation records

3.3 Information provided by patients

When a patient creates an account or books an appointment through Clinvo:

  • Full name, phone number, and email address
  • Date of birth and gender
  • Medical history including allergies, conditions, current medications, and smoking status
  • Appointment history and clinical records
  • Treatment plans, before/after photos, and clinical notes as documented by their healthcare provider
  • Invoice and payment records
  • Family member information if a guardian links family members to their account
  • Satisfaction survey responses
  • Language preference

3.4 Information collected automatically

When you use Clinvo, we automatically collect:

  • Device type, browser type, and operating system
  • IP address and approximate location
  • Pages visited and features used
  • Time and date of access
  • Referral source

3.5 Information from AI features

When using AI Scribe, voice dictation is processed to generate clinical notes. Audio is transcribed client-side using your device's built-in speech recognition (Web Speech API). The transcribed text is sent to our AI provider to generate structured SOAP notes. We do not store audio recordings. Only the transcribed text and the generated note are stored in your clinic's records.

4. How We Use Your Information

4.1 To provide the service

  • Creating and managing clinic accounts
  • Enabling appointment booking, calendar management, and patient records
  • Generating invoices and recording payments
  • Sending appointment confirmation and reminder emails
  • Processing online bookings and QR patient onboarding
  • Displaying the waiting room queue on clinic displays
  • Generating AI-assisted clinical notes via AI Scribe
  • Managing treatment plans, photos, and patient recalls
  • Enabling family account management

4.2 To communicate with you

  • Sending service-related emails including confirmations, reminders, and invoices
  • Responding to support requests sent to support@clinvo.app
  • Sending platform updates and feature announcements
  • Notifying clinic owners of important account activity

4.3 To improve the platform

  • Analyzing usage patterns to improve features
  • Identifying and fixing technical issues
  • Understanding which features are most valuable to clinics
  • Improving AI Scribe accuracy and performance

4.4 To operate our business

  • Processing plan upgrades and access requests
  • Preventing fraud and unauthorized access
  • Complying with legal obligations under Jordanian law
  • Maintaining audit logs for security and compliance

5. Medical and Health Information

Clinvo processes sensitive medical and health information on behalf of dental clinics. This includes clinical notes, diagnoses, treatment plans, medical history, and patient photos.

Clinvo acts as a data processor on behalf of dental clinics, who are the data controllers for their patients' medical information.

Dental clinics using Clinvo are responsible for:

  • Obtaining patient consent to store and process their medical records digitally
  • Informing patients about how their data is used
  • Complying with applicable Jordanian healthcare regulations
  • Ensuring their use of Clinvo is consistent with their professional obligations

Clinvo implements strict access controls ensuring that medical data is only accessible to authorized clinic staff and the patient themselves. Patient medical data is never shared between clinics and is never used for any purpose other than providing the service to that specific clinic.

Patient-facing views of clinical notes are deliberately limited. Patients can view the Subjective and Plan fields of their SOAP notes. Clinical assessments, objective findings, and private notes written by doctors are not visible to patients.

6. How We Share Your Information

We do not sell your personal information to any third party under any circumstances.

We share information only in the following circumstances:

6.1 Within your clinic's team

Clinic owners, administrators, doctors, and staff can access patient records within their clinic. Access is strictly controlled by roles. Staff members can only access what their role permits. Doctors can only see patients they have treated. Patients can only see their own records.

6.2 With patients

Patients can view their own records, appointments, limited clinical notes, treatment plans, and photos through the patient portal. Patients cannot see other patients' records under any circumstances.

6.3 With trusted service providers

We use the following trusted third-party providers to operate Clinvo:

  • Supabase — database hosting, file storage, and authentication. Data is stored on servers located in the European Union. Supabase is bound by a data processing agreement.
  • Lovable — application hosting and transactional email delivery.
  • AI providers — for AI Scribe note generation. Only the transcribed text of the dictation is sent along with basic appointment context. No audio recordings, no full patient records, and no identifiable patient information beyond what the doctor dictates are transmitted.

All service providers are contractually bound and may not use your data for their own purposes.

6.4 Public clinic directory

If a clinic owner explicitly opts into the Clinvo public directory, only the following information will be publicly visible on clinvo.co:

  • Clinic name (Arabic and English)
  • City and general location
  • Public business phone number (provided separately by the clinic owner — never the owner's personal number)
  • Clinic specialties and languages spoken
  • Clinic description and photos uploaded for public display
  • Google review rating (if configured)

Personal phone numbers, personal email addresses, owner names, and any patient data are never shown in the directory under any circumstances. Directory listing is opt-in only and can be disabled at any time from clinic settings.

6.5 Legal requirements

We may disclose information when required by Jordanian law, court order, or competent government authority. We will notify affected users of such requests where legally permitted to do so.

7. Data Retention

Data typeRetention period
Active clinic accountsRetained while account is active
Cancelled accounts90 days after cancellation, then deleted on request
Patient clinical recordsRetained while clinic account is active
Audit logs12 months
Email logs6 months
Access request records24 months
Deleted patient recordsPermanently deleted within 30 days of verified deletion request

When a clinic cancels their Clinvo subscription, their data remains accessible for 90 days. After 90 days, data can be exported on request. After 12 months of inactivity, data is permanently deleted.

8. Data Security

We take the security of your data seriously, particularly given the sensitive medical information processed by Clinvo.

Our security measures include:

  • All data encrypted in transit using HTTPS and TLS
  • All data encrypted at rest in our database
  • Row-level security (RLS) policies at the database level ensuring each clinic can only access their own data — this is enforced in the database itself, not just in application code
  • Role-based access control ensuring staff only see what their role permits
  • Patients can only access their own records — cross-patient access is technically impossible by design
  • Medical photos and documents stored with time-limited signed URLs — files are never publicly accessible
  • Invite-only clinic registration — no public self-signup
  • Regular security audits and vulnerability scanning
  • All sensitive operations recorded in immutable audit logs

Despite these measures, no system is completely immune to security risks. If you believe your account has been compromised or you have identified a security vulnerability, please contact us immediately at support@clinvo.app.

9. Your Rights

9.1 Under Jordan's Personal Data Protection Law (PDPL)

In accordance with Jordan's Personal Data Protection Law, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data, subject to legal retention requirements
  • Restriction — request that we restrict processing of your data in certain circumstances
  • Objection — object to processing of your data for certain purposes
  • Portability — receive your data in a structured, machine-readable format

9.2 For patients

Patients can exercise their rights by:

  • Viewing and downloading their records from the patient portal
  • Requesting correction of inaccurate records through their dental clinic
  • Submitting a deletion request by emailing support@clinvo.app with the subject line "Data Deletion Request"
  • Requesting a full export of their data by emailing support@clinvo.app

We will respond to all data rights requests within 30 days.

9.3 For clinic owners and staff

Clinic owners can:

  • Export all clinic data at any time from the analytics section
  • Request full data deletion upon account cancellation
  • Update or correct clinic information from settings at any time
  • Remove team members and revoke their access at any time

9.4 Exercising your rights

To exercise any of your rights, contact us at support@clinvo.app.

Please include your name, clinic name (if applicable), and a description of your request. We may ask you to verify your identity before processing your request.

10. Cookies

Clinvo uses cookies and similar technologies to operate the platform and improve your experience.

Essential cookies — required for the platform to function. These cannot be disabled.

  • Authentication session cookies
  • Security tokens
  • Language preference

Analytics cookies — help us understand how the platform is used so we can improve it. These can be disabled.

  • Page view tracking
  • Feature usage analytics

We do not use advertising cookies or share cookie data with advertising networks.

11. Children's Privacy

Clinvo is not intended for use by children under the age of 18 as account holders. However, dental clinics may manage records for child patients. In such cases, a parent or guardian must create the account and manage the child's records through the family account feature. Child patient records receive the same privacy protections as adult records.

12. International Data Transfers

Our database is hosted by Supabase on servers located in the European Union. By using Clinvo, you consent to your data being stored on EU servers. The EU maintains data protection standards that are among the highest in the world, and this transfer is consistent with Jordan's PDPL requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify clinic owners by email at least 14 days before changes take effect
  • Display a notice in the Clinvo application

Continued use of Clinvo after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests related to this Privacy Policy: