Privacy Policy

Last updated: May 3, 2026

Clinic OS Pro is a registered business name (Ontario BIN 1001580753) operated by A-Caliber Inc., an Ontario corporation (Ontario corporate #2809321, BN 787192947RC0001) based in Windsor, Ontario, Canada (collectively "Clinic OS Pro," "Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit clinicospro.com, book a call, or use the Clinic OS Pro platform and services.

1. Information We Collect

1.1 Information You Provide

• Contact information (name, email address, phone number, company name, job title)
• Business information you share during consultations
• Communications (emails, chat messages, call recordings and transcripts)
• Payment information (processed securely by third-party payment providers)
• Information about your clinic, patients (in aggregate), and business operations

1.2 Automatically Collected Information

• IP address and device information
• Browser type and operating system
• Pages visited and time spent on our website
• Referring website or source
• Cookies and similar tracking technologies

1.3 Call Recordings and Transcriptions

We may record and transcribe calls and meetings using AI-powered tools. These recordings may create voice profiles ("voiceprints") for speaker identification purposes. See Section 8 for more details on biometric data.

1.4 Text Messaging (SMS) and Phone Numbers

When you submit our Implementation Call booking form at clinicospro.com/book, you may optionally provide a mobile phone number and check an unchecked-by-default box to receive a 1-hour pre-call SMS reminder. Phone collection is optional; the booking is confirmed via email regardless of whether you check the SMS box. Both the phone field and the SMS opt-in checkbox are independent of each other and independent of completing the booking.

Phone numbers and SMS opt-in events are stored solely to deliver the SMS you opted in to receive and to demonstrate consent if required by carriers, regulators, or our SMS provider. Each opt-in event is logged with timestamp and IP address. We do not sell, rent, share, or use phone numbers or SMS data for marketing to third parties. SMS messages are transmitted via our messaging carrier partner Telnyx LLC, which acts as a service provider under this Privacy Policy.

You can opt out of SMS at any time by replying STOP (or STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) to any message we send, or by emailing support@clinicospro.com. Opt-out is processed in real time. Full SMS terms are at clinicospro.com/sms-terms.

Patient SMS is separate. If you are a patient receiving SMS from a physical therapy clinic that uses the Clinic OS Pro SaaS, those messages come from the clinic’s own separately-verified phone number, not from Clinic OS Pro / A-Caliber Inc. The clinic is responsible for collecting and managing patient SMS consent and operates under its own privacy notices.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our consulting and retention platform services
• Communicate with you about our services, appointments, and updates
• Process payments and manage billing
• Send marketing communications (with your consent)
• Create meeting notes, documentation, and action items
• Analyze usage patterns to improve user experience
• Comply with legal obligations
• Protect our rights and prevent fraud

3. Information Sharing and Disclosure

We do NOT sell your personal information. We may share information with:

• Service Providers: Cloud hosting, payment processing, AI tools, analytics, and email services that help us operate our business
• Professional Advisors: Accountants, lawyers, and other professionals as needed
• Legal Requirements: When required by law, subpoena, court order, or government request
• Business Transfers: In connection with any merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share information

4. AI Tools and Third-Party Services

We use various AI tools and third-party services that may process your information, including but not limited to:

• OpenAI (GPT-4, ChatGPT API)
• Anthropic (Claude API)
• AI transcription services (Zoom, Fathom, Otter.ai, Fireflies, or similar)
• Analytics tools (Google Analytics or similar)
• Cloud hosting providers
• Email marketing platforms

These providers have their own privacy policies. Where the provider offers controls, we configure AI tools so that your content is not used to train public models. However, we cannot guarantee that every provider honors those settings in all circumstances, and model training controls vary by provider and plan.

PHI and AI Tools: You are responsible for ensuring that any Protected Health Information (PHI) or other regulated data you share with us or enter into AI-assisted workflows complies with applicable law. Do not input PHI into any AI tool or workflow we use unless we have a signed BAA in place and you have confirmed that the specific tool is covered by that BAA.

5. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Functionality: Required for the website to function properly
• Analytics: To understand how visitors use our website
• Marketing: To deliver relevant advertisements (if applicable)

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

6. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption in transit (HTTPS/TLS)
• Secure password practices
• Access controls and authentication
• Regular security reviews

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain information as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

Typical retention periods:

• Client records: 7 years after engagement ends
• Call recordings and transcripts: 2 years
• Marketing contacts: Until opt-out or 3 years of inactivity
• Biometric data (voiceprints): 2 years or when purpose is satisfied

8. Call Recording and Biometric Data

8.1 Recording of Communications

We record and transcribe client calls and meetings for documentation, quality assurance, and training purposes. Recordings may be made using various platforms including Zoom, Google Meet, Microsoft Teams, and AI-powered transcription tools.

8.2 Biometric Data Collection

We are committed to complying with the Illinois Biometric Information Privacy Act (BIPA) and similar state biometric privacy laws where applicable. AI transcription tools may create voice profiles or "voiceprints" to identify and distinguish between speakers. These voiceprints may constitute biometric identifiers or biometric information under BIPA and similar state laws.

8.3 Purpose of Biometric Data Collection

Biometric data (voiceprints) is collected solely for:

• Accurate speaker identification in meeting transcripts
• Creating attributed meeting notes and action items
• Quality documentation of client engagements

8.4 Retention and Destruction of Biometric Data

Biometric data will be retained for no longer than 2 years from collection, or when the purpose for collection has been satisfied, whichever comes first. Biometric data will be permanently destroyed by securely deleting recordings and associated transcripts when:

• The retention period expires
• You request deletion in writing
• The business relationship ends and the retention period expires

8.5 No Sale of Biometric Data

We will NOT sell, lease, trade, or otherwise profit from your biometric data. Biometric data is disclosed only to service providers necessary for transcription services.

8.6 Consent and Opt-Out

Before or at the time we collect biometric data, we obtain written or electronic consent that describes the specific purpose and duration of collection. By signing a client service agreement or by continuing to participate in a recorded session after being notified of recording, you provide that consent. You may withdraw consent and opt out of biometric data collection for any future meeting by notifying us in writing at ben@wiebe-consulting.com before the meeting begins. Withdrawal of consent does not affect data already collected.

9. Healthcare Clients and Protected Health Information (PHI)

For healthcare clients subject to HIPAA (Health Insurance Portability and Accountability Act):

• A separate Business Associate Agreement (BAA) will be executed before we access any Protected Health Information
• We will implement appropriate safeguards as required by HIPAA
• PHI will NOT be processed through consumer AI tools that are not HIPAA-compliant
• We will use only the minimum necessary PHI to perform our services

10. Your Rights

Depending on your location, you may have rights regarding your personal information:

10.1 General Rights

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Objection: Object to certain processing activities
• Portability: Request your data in a portable format
• Withdraw Consent: Withdraw consent where processing is based on consent
• Opt-Out of Marketing: Unsubscribe from marketing communications

Note for Healthcare Clients: These rights apply to information we hold about you as a client. Patient rights regarding Protected Health Information (access, amendment, accounting of disclosures) must be exercised directly with your clinic as the Covered Entity. We will assist you in fulfilling patient rights requests as required by our BAA, but we cannot respond directly to requests from your patients.

10.2 California Residents (CCPA/CPRA) - Do Not Sell My Personal Information

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information we collect and how it is used
• Right to delete personal information
• Right to opt-out of "sales" of personal information
• Right to non-discrimination for exercising your rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

To exercise your CCPA/CPRA rights, please contact us at ben@wiebe-consulting.com with "CCPA Request" in the subject line. We will respond to verified requests within 45 days as required by law.

10.3 Canadian Residents (PIPEDA)

Canadian residents have rights under PIPEDA to access and correct their personal information. Contact us to exercise these rights.

10.4 European Union / UK Residents (GDPR)

If you are in the EU or UK:

• Legal Basis: We process data based on contract performance, legitimate interests, or consent
• Data Transfers: We may transfer data to Canada and the United States
• Supervisory Authority: You may lodge complaints with your local data protection authority

To exercise your rights, contact us at: ben@wiebe-consulting.com

11. International Data Transfers

We are based in Canada and may transfer your information to the United States and other countries where our service providers operate. For transfers of personal data from the EU or UK to the United States or other countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms recognized under applicable law. Our Data Processing Addendum (DPA) incorporates SCCs by reference and is available upon request for EU and UK clients.

12. SMS Consent Records (TCPA Compliance Infrastructure)

For the SMS messaging features described in our SMS Terms & Consent, the Clinic OS Pro platform stores per-recipient consent records to satisfy TCPA, CASL, and provincial telemarketing laws. This section documents what is stored and for how long.

12.1 Per-patient SMS consent fields (Clinic → Patient channel)

For each patient of a Clinic OS Pro clinic, the platform stores the following fields against the patient record:

• smsConsentAt — UTC timestamp of when the patient’s consent was captured. Required (non-null) for any SMS to be sent to that patient.
• smsConsentMethod — one of five enum values documenting how consent was captured: WEB_INTAKE, BULK_IMPORT_TPO, MANUAL_FRONT_DESK, PHONE_VERBAL, or LEGACY_SEED. See SMS Terms & Consent §2.1 for definitions of each path.
• smsConsentTextSnapshot — the verbatim text the patient (or attesting clinic owner / staff member) agreed to at the moment of consent. Locked at write time and never modified afterwards. Used as legal defense in case of TCPA challenge.
• smsConsentIp — for web-collected consent (path WEB_INTAKE) only, the IP address from which the patient submitted the intake form.
• smsConsentSource — operational metadata indicating the application surface that captured the consent (e.g. intake_v1, import_wizard_v2).
• smsConsentAttestedById — for non-web consent paths (BULK_IMPORT_TPO, MANUAL_FRONT_DESK, PHONE_VERBAL), the Clinic OS Pro user ID of the clinic staff member or owner who attested the consent on the patient’s behalf.

12.2 Per-prospect SMS consent (Platform → Account Holder channel)

For prospects who opt in to platform SMS via the booking form at clinicospro.com/book, the marketing site stores: timestamp of consent, IP address, the verbatim disclosure text shown at the moment of opt-in, and the phone number provided. These records are kept against the booking submission.

12.3 Retention

SMS consent records are retained for the longer of: (a) the lifetime of the patient’s relationship with the clinic, (b) the legal retention period for healthcare records in the clinic’s jurisdiction, and (c) four years after the most recent SMS sent to that recipient (the TCPA statute of limitations). After this period, consent records may be archived or deleted on request, except where ongoing litigation, audit, or regulatory hold requires preservation.

12.4 Per-patient audit reports

On request from a patient, regulator, or carrier, a clinic can generate a per-patient SMS audit report showing the recorded consent method, snapshot text, attester (if any), capture timestamp, and full SMS message history with delivery status. Patients may request this report from the clinic that holds their record. Carriers conducting Toll-Free Verification reviews can request audit data from A-Caliber Inc. as the platform operator.

12.5 Data controller vs. data processor (patient channel)

For SMS sent on the Clinic → Patient channel, the clinic is the data controller for the patient’s personal data, including phone number and consent records. Clinic OS Pro / A-Caliber Inc. acts as a data processor, providing the technical infrastructure to capture, store, and act on consent on the clinic’s behalf. The clinic is the legal sender of every patient SMS; A-Caliber Inc. is the technical aggregator. See Terms of Service §5.1 for the corresponding division of responsibility.

13. Children's Privacy

Our services are intended for businesses and professionals, not for children. We do not knowingly collect personal information from individuals under 18 years of age. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

15. Accessibility

Wiebe Consulting is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and applying the relevant accessibility standards.

15.1 Conformance Status

We strive to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards. These guidelines help make web content more accessible to people with disabilities, including those with visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities.

15.2 Accessibility Features

We have implemented the following measures to ensure accessibility:

• Semantic HTML structure for screen reader compatibility
• Alternative text for images
• Sufficient color contrast ratios
• Keyboard navigation support
• Responsive design for various devices and screen sizes
• Clear and consistent navigation

15.3 Feedback and Assistance

We welcome your feedback on the accessibility of our website. If you encounter accessibility barriers or need assistance:

• Email: ben@wiebe-consulting.com
• Please include "Accessibility" in the subject line
• Describe the specific accessibility issue or barrier you encountered
• Provide the URL or page where you experienced the issue

We will make reasonable efforts to address accessibility concerns and provide the information or service you need through an alternative communication method that is accessible for you.

15.4 Limitations

Despite our best efforts to ensure accessibility, there may be some limitations. Below is a description of known limitations:

• Third-party content: Some content provided by third parties may not be fully accessible
• Legacy content: Older content may not meet all current accessibility standards
• PDF documents: Some PDF documents may not be fully accessible; contact us for alternative formats

If you need information from this website in a different format, please contact us and we will do our best to provide it in an accessible format.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.