Privacy Policy

Last updated: March 1, 2026

BackfillAI ("we," "our," or "us") is committed to protecting the privacy of our clinic customers and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform.

1. Information We Collect

We collect information that clinics provide when setting up and using BackfillAI, including:

• Clinic name, address, and contact information
• Therapist names and contact details
• Patient first names and guardian contact information (phone numbers, email addresses)
• Appointment scheduling data
• Insurance authorization information
• Session attendance records

2. How We Use Information

We use the information we collect to:

• Provide our appointment backfill and waitlist management services
• Send SMS and WhatsApp notifications to patients/guardians about appointment availability
• Generate AI-powered waitlist rankings using anonymized patient preference data
• Track revenue recovery and clinic performance metrics
• Improve our platform and services

3. SMS and Messaging Communications

BackfillAI sends SMS and WhatsApp messages to patients and guardians on behalf of clinics. These messages are sent only to individuals who have provided consent through their clinic's intake process. Message frequency varies based on appointment availability. Standard message and data rates may apply.

Recipients may opt out at any time by replying STOP to any message. For help, reply HELP or contact us at hello@backfillai.com.

4. HIPAA Compliance

BackfillAI operates as a Business Associate under HIPAA for clinics that are Covered Entities. We maintain appropriate administrative, physical, and technical safeguards to protect Protected Health Information (PHI). We enter into Business Associate Agreements (BAAs) with clinic customers as required.

5. Data Sharing

We do not sell patient data. We share information only with:

• Twilio (SMS/WhatsApp delivery)
• MongoDB Atlas (secure database hosting)
• Anthropic (AI processing — anonymized data only)
• Railway and Vercel (platform hosting)

All third-party providers are bound by appropriate data processing agreements.

6. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure password hashing, JWT-based authentication, and access controls. Patient contact information is stored securely and accessible only to authorized clinic staff.

7. Data Retention

We retain clinic and patient data for as long as the clinic maintains an active subscription. Upon termination, clinics may request data deletion within 30 days.

8. Your Rights

Clinic administrators may access, correct, or delete patient records through the BackfillAI dashboard at any time. For additional privacy requests, contact us at hello@backfillai.com.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify clinic administrators of material changes via email. Continued use of BackfillAI after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or concerns, contact us at:
BackfillAI / IntegrateLogic LLC
Lawrenceville, GA
hello@backfillai.com