Privacy Policy

This Privacy Policy explains how Vela / Clinicare collects, uses, stores, and shares information when clinics and their staff use the service.

Clinics control the client and patient information they enter into Vela. Vela processes that information to provide the software, support the account, maintain security, and operate the product.

We collect account information such as names, email addresses, login details, clinic names, clinic type, staff records, branding choices, settings, plan information, and support communications.

Clinics may store client information such as names, contact details, appointment history, notes, messages, uploaded images, captions, reminder records, and other clinic workflow data.

We also collect technical information such as device, browser, IP address, session, security, usage, error, and performance data needed to run, protect, and improve the service.

We use information to create and secure accounts, provide clinic workspaces, show client and staff records, schedule appointments, support reminders and messaging, generate reports, resolve support requests, prevent abuse, and maintain the service.

We may use aggregated or de-identified operational data to understand product performance and improve features. We do not sell clinic client records.

Because clinics may enter health, wellness, appointment, or other sensitive client information, clinics must decide what information belongs in Vela and must provide any notices or obtain any consents required by applicable law.

Clinics are responsible for configuring staff access, maintaining accurate records, responding to client requests, and complying with professional, privacy, healthcare, and messaging rules that apply to their business.

Reports may use clinic operational metrics to generate AI-assisted analysis, diagnosis, recommendations, or rule-based fallback guidance. These features are designed to support operational decision-making, not clinical decisions.

We limit report prompts to the information needed to produce the feature. Clinics should avoid entering unnecessary sensitive details into free-text fields when they are not needed for operations.

We use trusted service providers for hosting, database, authentication, storage, email, messaging, analytics, AI processing, monitoring, payments, and support. These providers process information only as needed to provide their services to us.

Provider availability, data locations, and subprocessors may change over time as the product develops. We aim to choose providers appropriate for a modern SaaS clinic workspace.

We use technical and organizational safeguards designed to protect information, including authenticated access, workspace separation, private media storage, signed media access, and operational monitoring.

No method of transmission or storage is completely secure. Clinics should use strong passwords, protect staff devices, limit access to authorized staff, and contact us promptly if they suspect unauthorized access.

We retain account and clinic information for as long as needed to provide the service, meet legal or accounting obligations, resolve disputes, enforce agreements, maintain backups, and support security.

After cancellation or deletion, some information may remain in backups, logs, billing records, or legal records for a limited period before deletion according to our operational processes.

Account owners may request access, correction, deletion, or export of account information by contacting support. We may need to verify the request before acting.

Requests involving client or patient data should normally be directed to the clinic that controls that data. We may redirect individual client requests to the clinic unless the law requires a different response.

Vela may be accessed from different countries, and service providers may process information in countries other than where a clinic or client is located.

Clinics are responsible for confirming that their use of Vela is appropriate for their location, profession, and client base.

Vela is intended for clinics and appointment-based businesses, not for children to create their own accounts.

If a clinic stores information about minors, the clinic is responsible for obtaining appropriate guardian consent and complying with applicable rules.

We may update this Privacy Policy to reflect product, provider, legal, or operational changes. The updated version will show a new last updated date.

For material changes, we will take reasonable steps to notify account owners through the service, email, or another appropriate channel.