Enterprise Privacy Policy

Finit Systems provides the EZAppointo Platform as software infrastructure for healthcare Providers.

• Providers are the data controllers of patient medical and appointment data.
• Finit Systems acts as a data processor or service provider on behalf of Providers.

Finit Systems is not a healthcare provider and does not diagnose, treat, or provide medical care.

Patient Data:

• Name, phone number, email;
• Appointment date, time, provider, location;
• short lived, 24 hour deletion policy;
• Communications metadata.

Provider Data:

• Provider name, clinic name, contact information;
• Account credentials;
• Scheduling configurations.

Technical Data:

• IP address;
• Device identifiers;
• Log activity.

Payment Data:

• Stripe payment tokens;
• Subscription billing information;
• Transaction metadata.

Finit Systems does not store full credit card numbers.

Video Consultation Data:

• Session timestamps;
• Connection diagnostics;
• In-session communications.

Sessions are not recorded by default.

Finit Systems may process PHI on behalf of Providers.

Finit Systems implements safeguards including:

• access control restrictions;
• encryption in transit;
• authentication protections; and
• monitoring and logging.

Providers are responsible for determining the PHI content entered into the Platform.

Where applicable under U.S. law, Finit Systems may function as a Business Associate with respect to PHI processed through the EZAppointo Platform.

Providers must execute a Business Associate Agreement with Finit Systems where required.

Finit Systems processes PHI solely to provide Platform services and does not use PHI for advertising or resale.

Providers are responsible for HIPAA compliance in their clinical workflows.

Finit Systems sends transactional SMS messages through the EZAppointo Platform to users who have explicitly opted in during the appointment booking or account registration process. Message types include appointment confirmations, appointment reminders, rescheduling notifications, video consultation links, and one-time verification (OTP) codes.

Opt-In: Customers can opt-in to receive SMS messages from the EZAppointo Platform by providing their phone number and checking the SMS consent checkbox through any of the following methods:

• During the initial customer registration process.
• When submitting a guest booking form.
• By updating their preferences within their user profile settings.

Message Frequency: Message frequency varies based on your appointment activity.

Message & Data Rates: Standard message and data rates may apply depending on your mobile carrier plan.

Opt-Out: You can opt out of SMS communications from the EZAppointo Platform at any time through either of the following methods:

• Via Text: Reply STOP to any message you receive from us. You will receive one final confirmation message, after which no further messages will be sent.
• Via Profile Settings: Log into your account and uncheck the SMS consent checkbox in your user profile.

Help: Reply HELP to any message or contact us at info@finitsystems.com for assistance.

Carriers: SMS messages are transmitted via third-party telecommunications providers. Delivery cannot be guaranteed. Finit Systems is not liable for delayed or undelivered messages.

5.1 SMS Consent and Data Sharing

We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

Important Data Exclusion: All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

Data is retained only as necessary for operational, contractual, and legal purposes.

Providers are responsible for medical record retention requirements.

If Finit Systems becomes aware of a confirmed unauthorized access event affecting regulated PHI, Finit Systems will notify affected Providers without unreasonable delay, consistent with applicable law and contractual obligations (including any applicable Business Associate Agreement).

Providers are responsible for regulatory reporting and patient notification unless otherwise agreed in writing.

Users may request:

• access to their personal information;
• correction of their personal information; and
• deletion of their personal information.

Requests may be sent to info@finitsystems.com.

Patients should contact their Provider for medical record requests.

To the maximum extent permitted by law, Finit Systems shall not be liable for:

• Provider misuse of the Platform;
• Provider PHI handling violations;
• user credential compromise;
• third-party integration security failures; or
• telecommunication delivery failures.

To the maximum extent permitted by law, Finit Systems' liability in connection with data processing under this Policy is limited as set forth in the applicable Underlying Agreement.

Finit Systems uses cookies on the EZAppointo Platform to:

• maintain sessions;
• improve performance; and
• enhance security.

Users may disable cookies through their browser settings, though doing so may affect Platform functionality.

Finit Systems may update this Privacy Policy from time to time. The "Last Updated" date indicates the latest revision. Continued use of the Platform constitutes acceptance of the revised Policy.

Finit Systems Inc.

Operator of the EZAppointo Platform

Email: info@finitsystems.com