Privacy Policy

Your privacy matters.

This policy describes what information Chiropractic Grit collects, how it is used, and how it is protected. We are committed to handling your data with care and in compliance with applicable law, including HIPAA.

Last updated: March 31, 2026

1. Who we are

Chiropractic Grit ("Grit," "we," "us") is a practice management platform built for independent chiropractic practices. We provide scheduling, clinical documentation, patient portal, secure messaging, and SMS notification services.

For questions about this policy, contact us at support@chiropracticgrit.com.

2. Information we collect

We collect information in two categories: information from practices and providers, and information from patients.

From practices and providers:

  • Name, email address, and login credentials
  • Practice name, address, and phone number
  • Billing information (processed by our payment processor — we do not store card numbers)
  • Schedule, time-off, and clinical note preferences
  • Usage data such as logins, features used, and actions taken in the platform

From patients (via the patient portal or practice data entry):

  • Name, date of birth, address, phone number, and email
  • Appointment history
  • Clinical notes and SOAP documentation entered by providers
  • Billing balances and payment activity
  • SMS consent status and opt-in/opt-out history
  • Messages sent and received through the platform

Automatically collected:

  • IP addresses and browser/device information for security and fraud prevention
  • Log data including timestamps of logins and API requests

3. How we use your information

We use the information we collect to:

  • Provide, operate, and improve the Grit platform
  • Send appointment reminders and notifications on behalf of your practice
  • Process payments and manage your subscription
  • Respond to support requests and account issues
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with applicable laws and regulations

We do not use patient data for advertising, marketing profiling, or sale to third parties. We do not use provider or practice data for purposes unrelated to operating the platform.

4. Protected health information (HIPAA)

Grit is designed for use by HIPAA-covered entities (chiropractic practices) and functions as a Business Associate when handling Protected Health Information (PHI) on your behalf. A Business Associate Agreement (BAA) is included with all Grit Pro subscriptions.

PHI stored in Grit — including patient records, clinical notes, and appointment data — is handled in accordance with HIPAA's Privacy and Security Rules. We implement administrative, physical, and technical safeguards appropriate for this data.

SMS messages sent through Grit intentionally contain no PHI. Clinical communications are conducted through the HIPAA-grade secure messaging system, not via text message.

5. SMS messaging & consumer data

When a practice uses Grit's SMS features, patient phone numbers are used solely to send messages the patient has consented to receive from that practice.

  • Phone numbers are never sold or shared with third-party marketers
  • Phone numbers are not used for any purpose outside of practice communications
  • SMS consent is recorded per patient, per practice
  • Opt-out requests (STOP) are honored immediately and permanently until the patient opts back in

For full details on SMS messaging, see our SMS Terms & Conditions.

6. How we share information

We do not sell your data. We share data only in the following limited circumstances:

  • Service providers — We use third-party vendors to operate the platform, including cloud infrastructure (AWS), SMS delivery (Telnyx), and payment processing (Stripe). These vendors process data only as directed by us and are bound by data protection agreements.
  • Legal requirements — We may disclose information if required by law, court order, or government request, or to protect the rights and safety of Grit, its users, or the public.
  • Business transfers — If Grit is acquired or merges with another company, your data may be transferred. We will notify active subscribers before any such transfer and you will have the option to export and delete your data.

7. Data security

We take the security of your data seriously and implement industry-standard protections:

  • All data in transit is encrypted using TLS 1.3
  • All data at rest is encrypted using AES-256
  • Access to patient data is restricted by role-based permissions
  • Audit logs are maintained for all data access and modifications
  • Infrastructure is hosted on AWS in US regions with SOC 2 Type II compliance
  • Automated backups are performed regularly

No system is completely secure. In the event of a data breach affecting your account or patient data, we will notify you as required by applicable law, including HIPAA's Breach Notification Rule.

8. Data retention

We retain your data for as long as your account is active. When your account is cancelled:

  • You have 30 days to export your data before deletion
  • After 30 days, your data is permanently deleted from our systems
  • Backups containing your data are purged on a rolling schedule within 90 days
  • We may retain de-identified usage data for product analytics

If you are required by law to retain patient records for a specific period, you are responsible for exporting and storing those records before cancellation.

9. Your rights

Depending on your location and applicable law, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information
  • Export your data in a portable format
  • Opt out of non-essential communications

Patients seeking access to their health records should contact their chiropractic practice directly, as the practice is the covered entity responsible for those records. Practices can exercise their data rights by contacting support@chiropracticgrit.com.

10. Cookies & tracking

The Grit marketing website (chiropracticgrit.com) uses minimal cookies necessary for the site to function. We do not use third-party advertising trackers or behavioral profiling cookies.

The Grit application (app.chiropracticgrit.com) uses session cookies required for authentication. These are not used for tracking or advertising purposes.

11. Children's privacy

The Grit platform is not directed at children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Patient records for minor patients are managed by the treating provider and practice in accordance with applicable healthcare law.

12. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date above. For material changes, we will notify active subscribers by email at least 14 days before the change takes effect.

Continued use of the platform after the effective date constitutes acceptance of the updated policy.

13. Contact

For privacy questions, data requests, or to report a concern: