Legal Draft
Privacy Policy
This policy is issued by Forseti Technologies, operating as Forseti Health ("Forseti", "we", "us"). Forseti handles clinic and patient data to deliver service, secure platform, and support healthcare operations. We do not use SMS or text messaging for marketing whatsoever.
1. Information We Collect
We may collect information provided by clinics and authorized users, including:
- account details such as usernames, email addresses, and authentication records;
- appointment data, phone numbers, patient names, templates, scheduling inputs, and message content;
- system logs, usage data, browser details, and device-level diagnostic information; and
- support requests, demo requests, and business contact information submitted to us.
2. How We Use Information
We use information to operate and improve Forseti, including to:
- authenticate users and secure access to service;
- schedule, transmit, and log clinic-directed patient outreach;
- maintain product reliability, detect abuse, and troubleshoot issues;
- support clinics, respond to requests, and improve product performance; and
- meet legal, security, and contractual obligations.
We do not sell patient data or protected health information. We do not use patient phone numbers or message flows for unrelated advertising purposes.
3. Messaging and HIPAA Standards
Forseti is intended for responsible, minimum-necessary patient communications. Outbound messages should avoid unnecessary PHI and should not include diagnosis names, procedure details, medication lists, or test results unless clinic determines disclosure is lawful, necessary, and properly authorized.
Forseti does not use SMS or text for marketing. Texting, where used, should remain limited to care, scheduling, operational, or other patient-service communications authorized by clinic.
"Forseti for North Valley Clinic: reminder of your appointment tomorrow at 9:00 AM. Questions? Call 555-0100. Reply STOP to stop text messages from this clinic."
4. Sharing and Disclosure
We may share information with service providers and infrastructure partners that help us host, secure, and operate Forseti, subject to appropriate confidentiality and security obligations. We may also disclose information when required by law, to protect rights or safety, or to investigate misuse of service.
Mobile Information: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
5. Security
We use administrative, technical, and organizational safeguards designed to protect information handled through platform, including encrypted transport, AES-based data encryption practices, access controls, and monitoring intended to reduce unauthorized access risk.
No system can promise absolute security. Clinics should also use strong passwords, limit account access, review message templates, and avoid storing unnecessary PHI in freeform fields.
6. Clinic Control and Responsibility
Clinics decide what data to enter, what messages to approve, who receives outreach, and whether use is lawful for their patients and jurisdictions. Forseti provides service tooling, but clinic remains responsible for consent, content, timing, and compliance.
SMS Consent: Patients must provide express consent to receive text messages. Clinics using Forseti must maintain records of this consent. Patients may opt out at any time by replying "STOP" to any message. After opting out, the patient will receive one final message confirming the opt-out, and no further messages will be sent unless the patient opts back in. Standard message and data rates may apply. Message frequency varies based on clinic activity and appointment volume. For support, patients can reply "HELP" to any message or contact the clinic directly at the number provided in the initial text. In accordance with 2026 FCC regulations, consent to receive SMS is provided specifically and exclusively to the individual clinic authorized by the patient; Forseti does not share or utilize that consent for any other third-party services or clinics.
How Patients Opt In: Consent is obtained verbally by clinic staff during the appointment booking phone call. When a patient calls the clinic to schedule an appointment, clinic staff record the patient's mobile number and request express verbal consent to send SMS reminders and care-related messages from that clinic to that number. The consent, the date, the number, and the staff member capturing it are logged inside clinic's Forseti instance as a permanent record. Phone numbers are never collected from third-party lists, purchased databases, or web scraping. No SMS is sent to a patient until that consent record exists.
"We can send you appointment reminders and care updates by text message from [Clinic Name] to the mobile number you just provided. Message and data rates may apply, message frequency depends on your appointments, you can reply STOP at any time to stop, and reply HELP for help. Do you agree to receive these text messages?"
If clinic uses Forseti in improper or non-compliant way, liability for that misuse stays with clinic to fullest extent permitted by law. Forseti must be used responsibly.
7. Changes to This Draft
We may update this policy as product, law, or operations change. When finalized, revised version should include final effective date and any additional notices required by law or contract.
8. Contact Us
Questions about this policy, data handling, SMS practices, or opt-in/opt-out requests can be directed to:
- Email: admin@forseti.health
- Mail: Forseti Technologies (Forseti Health), 729 Garden Acres Blvd, Bryan, TX 77802