Trust foundation

Privacy Policy

Last updated July 1, 2026

Clover is built for healthcare practices that need a careful, organized way to launch providers and keep them ready to bill. This Privacy Policy explains the information Clover may collect, how it is used, and the choices practices and users have.

Information Clover collects

Clover may collect account information such as names, email addresses, practice names, roles, provider counts, and communication preferences.

Clover may also collect provider launch information such as NPI details, provider profile information, licenses, DEA information, malpractice documents, CVs, CAQH-related details, payer readiness notes, renewal dates, uploaded evidence, and operational activity needed to help a practice move a provider toward billing.

How information is used

Clover uses information to help practices launch providers, collect only what is missing, build Provider Workspaces, create payer roadmaps, track billing readiness, watch renewals, explain blockers, and recommend next actions.

Clover may also use information to provide support, maintain security, improve product quality, communicate service updates, and understand how the product is being used.

How information is shared

Clover does not sell customer or provider information. Clover may share information with service providers that help operate the product, such as hosting, storage, email delivery, analytics, support, security, and infrastructure vendors.

Clover may also share information when a practice directs Clover to do so, when required by law, to protect the security or integrity of the service, or in connection with a business transaction such as a merger, acquisition, or financing.

Security and retention

Clover is designed to protect sensitive provider launch information with access controls, encryption, secure infrastructure practices, and audit-aware product design.

Clover retains information for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, and support legitimate business needs. Retention periods may vary depending on the type of information and customer configuration.

Customer choices

Customers may request updates, exports, or deletion of certain account information, subject to contractual, legal, security, and operational limits. Some records may need to be retained for audit history, compliance, billing, dispute resolution, or security purposes.

Practices are responsible for ensuring they have appropriate authority to provide provider information to Clover and to invite providers into Clover workflows.

Healthcare and compliance

Some information handled by Clover may be sensitive healthcare or provider credentialing information. Clover is being designed with HIPAA-conscious architecture, but this Privacy Policy does not itself create a Business Associate Agreement.

Where a Business Associate Agreement is required, Clover and the customer must execute one before Clover is used for regulated protected health information in that context.

Contact

Questions about privacy can be directed through the Contact page. As Clover grows, this policy may be updated to reflect new product capabilities, vendors, customer controls, and legal requirements.