Clarence Health - Data Security & Privacy

Health system grade security. Built for trust.

For more information send an email to info@clarencehealth.com

Data Security

Plain and simple

Clarence Health is designed to protect sensitive information with the same rigor you'd expect from a large health system. We maintain formal security governance, strong technical safeguards, and independent assurance, because trust is foundational to care.

  • We never sell your data to anyone, ever.
  • We operate with a SOC 2 Type II security program.
  • We maintain a HIPAA-aligned privacy and security program and sign Business Associate Agreements (BAAs) with Covered Entities when we handle Protected Health Information (PHI) on their behalf.

Our commitments

Clarence Health does not sell member, caregiver, or partner data to third parties.

Our approach is built around healthcare-grade expectations:

  • Clear accountability and security governance
  • Least-privilege access to systems and data
  • Auditability and operational oversight
  • Vendor risk management and contractual safeguards
  • Continuous improvement and control testing

Compliance & assurance

HIPAA & BAAs

When Clarence Health works with Covered Entities and handles PHI, we do so as a Business Associate and sign BAAs as required. Our HIPAA program includes administrative, physical, and technical safeguards designed to protect PHI and support Covered Entity compliance obligations.

SOC 2 Type II

Clarence Health maintains a SOC 2 Type II security, including ongoing control monitoring and evidence collection to support independent assurance.

Continuous compliance operations

We run an ongoing compliance and security program with documented policies, access controls, monitoring, and incident response procedures, and we regularly review and improve controls.

Security controls

Encryption & secure transmission

  • Data is protected in transit using modern encryption standards
  • Sensitive data is protected at rest using encryption where appropriate
  • Keys and secrets are managed securely with restricted access

Access control & accountability

  • Role-based access controls (RBAC) and least-privilege permissions
  • Multi-factor authentication (MFA) for privileged access
  • Logging and audit trails for sensitive actions and system access

Monitoring, detection, and incident response

  • Continuous monitoring for suspicious activity and system health
  • Documented incident response procedures and escalation paths
  • Regular reviews of security events and follow-through on remediation

Data use is limited to delivering our core services

We use data to:

  • Provide the Clarence experience (conversations, reminders, organization, and guidance)
  • Maintain safety, prevent fraud, and secure our systems
  • Improve product quality, reliability, and user experience
  • Support partner program operations only as needed to deliver the best possible member experience

We share data only in limited, controlled circumstances:

  • With vetted service providers that help us operate Clarence (under strict contractual and confidentiality obligations)
  • With Covered Entities/partners as needed to deliver services and meet program requirements
  • When required by law or to protect safety and security

We do not sell data. And we do not allow third parties to use your data for their own unrelated marketing or other business efforts.

Your choices, data requests, and retention

We retain data only as long as necessary to provide the service, meet legal obligations, and support operational needs. To request to review, update, or delete your personal information, contact us at info@clarencehealth.com

Clarence Health is not a replacement for a clinician and does not provide medical diagnosis or treatment
Terms of ServicePrivacy Policy
©2026 Clarence Health Inc. - All Rights Reserved