Legal

Enterprise Privacy Policy

Last Updated: 20th Feb 2026

This Privacy Policy explains how EZAppointo ("EZAppointo," "we," "us," or "our") collects, uses, processes, discloses, and protects personal information and Protected Health Information ("PHI") in connection with the EZAppointo platform, including scheduling, messaging, and telehealth video consultation services (the "Platform").

EZAppointo is designed to meet healthcare privacy expectations and incorporates administrative, technical, and operational safeguards.

1. ROLE OF EZAPPOINTO

EZAppointo provides software infrastructure for healthcare Providers.

  • Providers are the data controllers of patient medical and appointment data.
  • EZAppointo acts as a data processor or service provider.

EZAppointo is NOT a healthcare provider and does not diagnose, treat, or provide medical care.

2. INFORMATION COLLECTED

Patient Data:

  • Name, phone number, email
  • Appointment date, time, provider, location
  • Intake information entered by Provider
  • Communications metadata

Provider Data:

  • Provider name, clinic name, contact information
  • Account credentials
  • Scheduling configurations

Technical Data:

  • IP address
  • Device identifiers
  • Log activity

Payment Data:

  • Stripe payment tokens
  • Subscription billing information
  • Transaction metadata

EZAppointo does NOT store full credit card numbers.

Video Consultation Data:

  • Session timestamps
  • Connection diagnostics
  • In-session communications

Sessions are NOT recorded by default.

3. PROTECTED HEALTH INFORMATION (PHI)

EZAppointo may process PHI on behalf of Providers.

EZAppointo implements safeguards including:

  • Access control restrictions
  • Encryption in transit
  • Authentication protections
  • Monitoring and logging

Providers are responsible for determining PHI content entered into the system.

4. HIPAA COMPLIANCE AND BUSINESS ASSOCIATE ROLE

Where applicable under U.S. law, EZAppointo may function as a Business Associate.

Providers must execute a Business Associate Agreement where required.

EZAppointo processes PHI solely to provide Platform services and does not use PHI for advertising or resale.

Providers are responsible for HIPAA compliance in their clinical workflows.

5. SMS REMINDERS AND COMMUNICATION

EZAppointo sends transactional SMS messages to users who have explicitly opted in during the appointment booking or account registration process. Message types include appointment confirmations, appointment reminders, rescheduling notifications, video consultation links, and one-time verification (OTP) codes.

Opt-In: By providing your phone number and checking the SMS consent checkbox on our booking form, you agree to receive SMS messages from EZAppointo. Consent is not a condition of purchase.

Message Frequency: Message frequency varies based on your appointment activity. You may receive up to 5 messages per appointment (confirmation, reminder, follow-up).

Message & Data Rates: Standard message and data rates may apply depending on your mobile carrier plan.

Opt-Out: You may opt out at any time by replying STOP to any message. You will receive one final confirmation and no further messages will be sent.

Help: Reply HELP to any message or contact us at info@finitsystems.com for assistance.

Carriers: SMS messages are transmitted via third-party telecommunications providers. Delivery cannot be guaranteed. EZAppointo is not liable for delayed or undelivered messages.

10. DATA RETENTION

Data is retained only as necessary for operational, contractual, and legal purposes.

Providers are responsible for medical record retention requirements.

11. BREACH NOTIFICATION

If EZAppointo becomes aware of a confirmed unauthorized access event affecting regulated PHI, EZAppointo will notify affected Providers without unreasonable delay, consistent with applicable law and contractual obligations.

Providers are responsible for regulatory reporting and patient notification unless otherwise agreed in writing.

12. INTERNATIONAL AND NON-U.S. PROVIDERS

Providers outside the United States must comply with their local privacy laws.

EZAppointo provides reasonable safeguards but does not assume regulatory responsibility for Provider jurisdiction compliance.

13. USER RIGHTS

Users may request:

  • Access
  • Correction
  • Deletion

Requests may be sent to info@finitsystems.com

Patients should contact their Provider for medical record requests.

14. LIMITATION OF LIABILITY RELATED TO DATA

EZAppointo shall not be liable for:

  • Provider misuse of the Platform
  • Provider PHI handling violations
  • User credential compromise
  • Third-party integration security failures
  • Telecommunication delivery failures

To the maximum extent permitted by law, liability is limited.

15. COOKIES

EZAppointo uses cookies to:

  • Maintain sessions
  • Improve performance
  • Enhance security

Users may disable cookies.

16. POLICY CHANGES

EZAppointo may update this policy.

Continued use constitutes acceptance.

17. CONTACT

EZAppointo
Email: info@finitsystems.com
Address: 45 West John Street Suite 207
Hicksville, NY 11801