Privacy Policy
Twin Tip Solutions is committed to protecting the privacy and security of your practice and your patients' data.
- HIPAA Aligned: Signed BAA with Google Cloud Platform
- Minimal Data Collection: We collect only what's necessary for service
- Your Control: Clinics control their data and patient information
Effective Date: July 30, 2025 | Last Updated: July 30, 2025
1. Introduction
Twin Tip Solutions LLC ("we," "our," or "us") provides white-label AI-powered mobile applications and web services for medical spas and dermatology clinics (the "Service"). This Privacy Policy explains how we handle information for both clinics using our service and their patients using the white-labeled applications.
2. HIPAA Compliance
✓ HIPAA-Aligned Infrastructure: Twin Tip Solutions operates under a signed Business Associate Agreement (BAA) with Google Cloud Platform, ensuring all data handling meets HIPAA requirements.
- All infrastructure runs on HIPAA-compliant Google Cloud services
- Signed BAA with all cloud service providers
- Zero AI training on patient data per HIPAA requirements
- Complete audit trails and access logging
- Regular security assessments and compliance reviews
3. Information We Collect
3.1 For Clinics (B2B Customers)
- Business contact information (names, emails, phone numbers)
- Clinic details and branding materials
- Usage analytics and performance metrics
- Support communications and feedback
3.2 For App Users (Your Patients)
- On-Device Only: Photos and analysis results stored encrypted on patient devices
- When Shared with Clinic: Patient-submitted photos and contact info (with explicit consent)
- Technical Data: Anonymous device information for app functionality
- No Background Collection: No location, contacts, or personal data collected
4. How Patient Data Is Handled
Default Privacy Model:
- All patient data stays on their device by default
- AI processing happens without cloud storage
- No patient data visible to Twin Tip Solutions
- Patients explicitly choose what to share with their clinic
5. Data Sharing and Disclosure
We share information only as follows:
- With Your Clinic: Patient data shared only when patients explicitly submit it
- Service Providers: Google Cloud Platform under strict BAA terms
- Legal Requirements: Only when required by law with appropriate protections
- Never For: Marketing, advertising, data sales, or AI training
6. Data Security
- Encryption: AES-256 encryption at rest and in transit
- Access Control: Role-based access with TOTP 2FA
7. Data Retention and Deletion
- Clinic Data: Retained for duration of service agreement plus 90 days
- Patient Data on Devices: Controlled entirely by patients
- Submitted Patient Data: Retained per clinic's retention policy
- Deletion Rights: Clinics can request data deletion at any time
8. Your Rights
Clinics and their patients have the right to:
- Access their personal data
- Correct inaccurate information
- Request deletion of data
- Export data in standard formats
- Opt out of non-essential communications
9. International Data Transfers
Data may be processed in the United States. We ensure appropriate safeguards through:
- Google Cloud Platform's global HIPAA-compliant infrastructure
- Standard contractual clauses where required
- Adherence to applicable data protection laws
10. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify clinics of material changes via email and update the "Last Updated" date.
11. Contact Information
Email: reid@twintipsolutions.com
Company: Twin Tip Solutions LLC
Privacy Inquiries: reid@twintipsolutions.com
HIPAA Compliance: reid@twintipsolutions.com
Medical Disclaimer
Twin Tip Solutions' applications are for educational purposes only and do not provide medical diagnoses, treatment recommendations, or medical advice. Users should always consult qualified healthcare providers for medical concerns.