Privacy Policy
Last updated: December 2nd 2025
1. Introduction
CopyCat Technologies (“CopyCat,” “we,” “us,” or “our”) provides software and automation tools designed for dermatology clinics and related healthcare providers. We recognize the sensitivity of patient information and are committed to safeguarding the privacy and security of all data entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect information, including Protected Health Information (PHI) and Personally Identifiable Information (PII).
2. Information We Collect
2.1 We collect patient data that may include PHI, medical records, images, documentation, diagnoses, treatment plans, prescriptions, appointment notes, and clinical history.
2.2 We collect personal information such as names, emails, phone numbers, and other identifiers provided by clinics or patients.
2.3 We collect clinic and user data such as staff names, roles, contact information, usage patterns, preferences, and settings used within the system.
2.4 We collect technical data, including IP addresses, device and browser information, and audit logs generated by system activity.
2.5 We obtain information directly from clinics, authorized staff, patients when applicable, and from integrated systems such as EHR platforms.
3. Purpose of Collection
3.1 We collect and use data to deliver our software services and automation tools, support clinical workflows, reduce administrative burden, assist with documentation and reporting, and improve product performance. Data may also be used to develop new features, enhance user experience, and comply with legal, regulatory, and security obligations. We do not use patient data for advertising, marketing, or commercial resale.
4. Legal Basis and HIPAA Compliance
4.1 CopyCat is committed to compliance with HIPAA and applicable privacy laws. We enter into Business Associate Agreements (BAAs) with covered entities and business associates when required. We follow HIPAA standards for minimum necessary access, encryption, access controls, audit logging, breach notification, and other safeguards. Detailed information about our compliance posture, security controls, and subprocessors is available at Trust & Safety.
5. Data Storage and Security
5.1 We store data using industry-standard encryption, access control, and monitoring mechanisms. We maintain role-based access controls, audit logs, incident response procedures, and secure development practices to protect PHI and PII. Data is stored in the United States unless otherwise disclosed. We retain PHI and PII only for as long as necessary to provide services or comply with applicable laws.
6. Service Providers and Subprocessors
6.1 We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the "Last updated" date at the beginning of the policy will be revised accordingly. Please review this policy periodically to stay informed of our practices.
7. Use of Data for AI and Machine Learning
7.1 CopyCat does not use patient data to train internal or external AI models. Any AI features provided through the platform rely on pre-trained models that do not learn from, store, or retain patient data entered into the system.
8. Patient Rights and Requests
8.1 Patients may request access to their data at any time through their clinic. Patients may also request corrections, deletions, or copies of their records when permitted by law. The clinic controlling the medical record is responsible for fulfilling such requests unless otherwise required by law.
9. Deletion Requests
9.1 To request deletion of patient data, please contact hello@runcopycat.com. Clinics must ensure that deletion requests comply with applicable medical record retention requirements.
10. Data Breach Notification
10.1 If a breach involving PHI occurs, we will notify affected covered entities without unreasonable delay and in accordance with HIPAA requirements.
11. Changes to this Policy
We may update this Privacy Policy periodically. Any updates will be posted on our website with a revised effective date.