Privacy Policy

TriageX is a patient intake and triage software product built and operated by Entrivo ("we", "us", "our"). TriageX embeds into clinic websites to guide patients through a structured pre-appointment intake flow. If you have questions about this policy, contact us at: hello@triagex.com

We collect information in two main contexts: From patients completing a triage flow: - Body region and symptom information entered during the intake flow - Contact details (name, email, phone number) provided at the end of the flow - Answers to structured intake questions and any free-text input - Triage outcome and flagged concerns generated by the system From clinic users (practitioners and clinic staff): - Login credentials (email address and hashed password — never stored in plain text) - Clinic configuration details (name, branding, booking URL, contact details) - Usage data related to the clinic dashboard We do not collect payment card details directly. Any billing is handled via third-party payment processors subject to their own privacy policies.

Patient intake data is used to: - Generate a structured triage summary for the clinic - Deliver a submission report to the clinic via email or dashboard - Support the clinic in preparing for the patient appointment - Improve the clinical logic and question flows within TriageX (in anonymised aggregate form only) Clinic user data is used to: - Provide dashboard access and manage clinic settings - Deliver submission reports and notifications - Communicate service updates and support messages

All data is stored in a PostgreSQL database hosted on Supabase, with access controls and encryption at rest. Patient submission data is associated with the clinic that received it and is not shared with other clinics or third parties. Access to the clinic dashboard is protected by authenticated sessions. Passwords are stored using a one-way cryptographic hash — we cannot recover your password. We use Resend to deliver triage report emails. Email transmission is protected by TLS encryption.

Patient submission data is retained for as long as the clinic's TriageX account remains active, or as required to fulfil the purposes described in this policy. Clinics may request deletion of their data at any time. When a clinic account is closed, associated submission data is deleted within 30 days unless a different retention period is required by applicable law.

We do not sell personal data to third parties. We do not use patient intake data for advertising or profiling. We share data only with: - The clinic that received the patient submission (this is the core function of the product) - Infrastructure and service providers necessary to operate TriageX (database hosting, email delivery), under data processing agreements - Legal authorities where required by law

TriageX uses session cookies to manage authenticated clinic dashboard access. These are strictly functional and are not used for advertising or behavioural tracking. We may use basic analytics tools to understand how the intake flow is used in aggregate. No personally identifiable information is shared with analytics providers.

If you are a patient or clinic user in the UK or EEA, you have the right to: - Access the personal data we hold about you - Request correction of inaccurate data - Request deletion of your data ("right to be forgotten") - Object to certain types of processing - Request a portable copy of your data To exercise any of these rights, contact us at hello@triagex.com. We will respond within 30 days.

TriageX provides the intake platform. Clinics are responsible for ensuring their use of TriageX complies with applicable data protection laws, including GDPR where relevant. Clinics should ensure their own privacy notices inform patients that a third-party intake tool is used. Clinics act as data controllers for the patient intake data they receive. Entrivo acts as a data processor on their behalf.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated to clinic users directly. We encourage you to review this policy periodically.

For any privacy-related questions or requests, please contact: Entrivo (TriageX) Email: hello@triagex.com We aim to respond to all enquiries within 5 business days.