Back to Home

Privacy Policy

Last updated: March 9, 2026

1. Introduction

Shift Warden LLC d/b/a ClinicWarden ("we," "our," or "us") operates ClinicWarden, a compliance tracking platform for behavioral health clinics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. HIPAA-Safe Design

ClinicWarden is designed to be HIPAA-safe by architecture. We do not store Protected Health Information (PHI). Specifically:

  • We store client identifiers (e.g., "CL-4521"), not patient names
  • We store treatment plan dates and status, not clinical content
  • We store clinician work assignments, not patient diagnoses or notes
  • Your Electronic Health Record (EHR) system should remain the system of record for all PHI

3. Information We Collect

Account Information

  • Email address
  • Name
  • Organization name
  • Password (encrypted)

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Cookies and similar technologies

Compliance Data

  • Client identifiers (NOT patient names)
  • Treatment plan dates and status
  • Clinician assignments
  • Program information

4. How We Use Your Information

  • To provide and maintain our service
  • To notify you about changes to our service
  • To provide customer support
  • To gather analysis to improve our service
  • To monitor usage of our service
  • To detect and prevent technical issues

5. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session and improve the service. These include:

  • Essential cookies: Required for authentication and session management
  • Functional cookies: Remember your preferences and settings

We do not use third-party advertising cookies or cross-site tracking technologies.

6. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of data at rest (AES-256)
  • Regular security assessments
  • Role-based access controls and authentication
  • Secure cloud infrastructure (Supabase/AWS, US-based)

For more information, see our Security & Compliance page.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account cancellation, data is retained for 30 days and then permanently deleted. You may request immediate deletion of your data at any time by contacting founder@clinicwarden.com.

8. Third-Party Services

We use a limited number of trusted third-party service providers to deliver our platform, including providers for database and authentication, application hosting, payment processing, transactional email, and rate limiting. All providers are located in the United States.

A detailed list of sub-processors is available upon request at clinicwarden.com/subprocessors.

9. Data Residency

All customer data is stored and processed within the United States. Our infrastructure providers maintain data centers in the US East region. We do not transfer personal data outside of the United States.

10. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt out of marketing communications

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact founder@clinicwarden.com.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: founder@clinicwarden.com
Company: Shift Warden LLC d/b/a ClinicWarden

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.