Privacy Policy
Last updated: March 20, 2026
Connectient is operated by Full Stack Collective LLC. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our healthcare appointment management platform at connectient.app.
1. Information We Collect
We collect information you provide directly to us, including:
- Name, email address, and contact information
- Healthcare practice details and business information
- Patient appointment data, including names, phone numbers, and appointment types
- Patient pre-registration and medical history data (Protected Health Information / PHI)
- Payment and billing information
- Google account information, where you choose to sign in or connect a Google account (see Section 5)
We also collect certain information automatically when you use the platform, including IP address, browser type, and usage data for security and performance purposes.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Connectient platform
- Process and manage appointment requests and schedules
- Send notifications and communications related to your account or appointments
- Process payments and prevent fraud
- Comply with applicable legal obligations
- Respond to support requests
3. Protected Health Information (PHI) and Patient Pre-Registration
Connectient processes Protected Health Information on behalf of healthcare providers. PHI is handled in accordance with applicable healthcare privacy regulations. Healthcare providers using Connectient are responsible for ensuring their own compliance with applicable laws governing patient data in their jurisdiction.
Practices may invite patients to complete a pre-registration form prior to their appointment. This form is delivered via a unique, time-limited link sent to the patient by the practice. The form collects personal details, medical or dental history, and a digital signature. Patients do not need a Connectient account to complete the form.
Information submitted through the pre-registration form is accessible only to the practice that issued the link. Connectient does not use patient pre-registration data for any purpose other than making it available to the relevant practice. Pre-registration links expire after 7 days if unused.
All PHI is encrypted in transit and at rest. We do not sell or share PHI with third parties except as necessary to operate the platform or as required by law.
4. Data Sharing
We do not sell your personal information.
We may share your information with third-party service providers who assist us in operating the platform, subject to confidentiality obligations. These include hosting, authentication, payment processing, email delivery, and messaging providers.
We may disclose information where required by law or to protect the rights, property, or safety of Connectient, our users, or others.
5. Google API Services
Connectient integrates with Google in two ways: sign-in authentication and optional Google Calendar sync. Each is described separately below.
5a. Sign in with Google
You may choose to create an account or sign in to Connectient using your Google account. When you do, we request access to the following scopes: openid, email, and profile.
We use this information solely to authenticate your identity, create and maintain your Connectient account, and display your name and email address within the platform. We do not use your Google identity information for advertising or profiling, and we do not share it with third parties except as necessary to operate your account.
5b. Google Calendar Integration
Connectient offers an optional integration with Google Calendar. If you choose to connect your Google account for calendar sync, the following applies:
What we access
When you authorise the Google Calendar integration, Connectient requests access to create, update, and delete calendar events on your behalf using the https://www.googleapis.com/auth/calendar.events scope. We also access your Google account email address to display the connected account in the interface.
What we do with it
Connectient uses this access solely to push confirmed appointment data to your connected Google Calendar. This includes the patient name, appointment type, date, time, and contact phone number. We do not read your existing Google Calendar events. We do not use Google Calendar data for advertising, profiling, or any purpose other than creating and managing appointment events on your behalf.
What we store
We store OAuth access and refresh tokens, encrypted at rest using AES-256-GCM, in order to maintain the calendar connection. We store the Google account email address associated with the connection for display purposes.
Disconnecting
You may disconnect your Google Calendar integration at any time from the Connected Apps section of your dashboard. Disconnecting removes your stored credentials from our system and stops all future calendar syncing. Existing events previously created by Connectient in your Google Calendar are not deleted upon disconnection.
Data retention
OAuth tokens are deleted immediately upon disconnection. If you delete your Connectient account, all associated Google credentials are permanently removed from our systems.
Connectient's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
6. WhatsApp Notifications (Twilio)
Connectient uses Twilio to deliver WhatsApp messages on behalf of healthcare practices. These messages are sent only in response to explicit practice-initiated actions — they are operational notifications, not marketing communications.
Messages sent to patients
When a practice confirms an appointment or sends a pre-registration link via WhatsApp, the patient's name, phone number, appointment details, and registration URL are transmitted to Twilio for message delivery.
Messages sent to practice staff
When a new appointment request is received, a notification may be sent to the practice's registered WhatsApp number. This message includes the practice name only — no patient data is included in staff notifications.
Twilio as a data processor
Twilio acts as a data processor on our behalf and is subject to confidentiality obligations. Message data is transmitted to Twilio solely for the purpose of delivery. For more information, see Twilio's Privacy Policy.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. All data is encrypted in transit (TLS) and at rest (AES-256). Sensitive credentials such as OAuth tokens are encrypted using AES-256-GCM before storage. No method of transmission over the internet is completely secure, but we are committed to protecting your information using industry-standard practices.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. If you terminate your account, we will delete or anonymise your personal data within a reasonable period, except where retention is required by law.
Patient pre-registration data is retained for the duration of the practice's active subscription and deleted upon account closure, subject to any legal retention obligations applicable to healthcare records in the relevant jurisdiction.
9. Your Rights
You have the right to:
- Access and receive a copy of your personal information
- Request correction of inaccurate or incomplete data
- Request deletion of your personal information
- Object to or restrict certain processing activities
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at support@connectient.app.
10. Cookies
Connectient uses essential cookies to maintain your authenticated session. We do not use advertising or tracking cookies.
11. Children's Privacy
Connectient is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.
12. Governing Law
This Privacy Policy is governed by the laws of the Republic of Trinidad and Tobago. Full Stack Collective LLC operates this platform and is responsible for the processing of personal data described in this policy.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the platform after changes are posted constitutes your acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact: