Dicyd Privacy Policy
Last Updated: February 2026
Dicyd, Inc. ("Dicyd," "we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use Dicyd's websites, intake pages, portals, APIs, messaging services, and related services (collectively, the "Services").
By using the Services, you agree to this Privacy Policy.
Section 1. Scope of This Policy
This Privacy Policy applies to:
- Patients interacting with Dicyd intake pages or messaging flows
- Clinics and clinic staff using Dicyd portals or APIs
- Visitors to dicyd.com and related domains
Dicyd is not a healthcare provider and does not provide medical care. We process information on behalf of clinics to support administrative decision-making prior to appointments.
Section 2. Information We Collect
A. Information You Provide
Patients may provide:
- Name
- Phone number
- Email address
- Date of birth
- Insurance carrier and plan details
- Member ID
- Referral or authorization indicators
- Visit reason and appointment-related administrative information
- Messages submitted via SMS or web intake
Clinics and staff may provide:
- Name, email, role, and login credentials
- Practice and location details
- Configuration, rules, and preferences
- API integration data
B. Information Collected Automatically
We may automatically collect:
- IP address
- Device and browser information
- Log data (timestamps, request paths)
- Message delivery status (e.g., SMS sent, delivered, or failed)
- Usage and performance metrics
C. Information From Integrations
If enabled by a clinic, Dicyd may receive limited data from scheduling systems, messaging providers (e.g., SMS gateways), or other authorized systems.
Dicyd does not scrape or independently source patient data.
Section 3. How We Use Information
We use information to:
- Support intake completion and administrative routing
- Determine appointment readiness states
- Create staff tasks and notifications
- Send transactional SMS messages (with consent)
- Operate, secure, and improve the Services
- Comply with legal and contractual obligations
Dicyd does not sell personal information or use it for advertising.
Section 4. How We Share Information
We may share information:
- With the clinic associated with the intake or case
- With service providers acting on our behalf (e.g., cloud hosting, SMS delivery platforms) solely to operate the Services
- When required by law, regulation, or legal process
- To protect security, rights, or safety
We do not share, sell, or rent personal information to third parties for their marketing or promotional purposes.
Section 5. HIPAA and Health Information
Dicyd may process administrative health-related information on behalf of clinics. When acting as a service provider to covered entities, Dicyd functions as a business associate and processes data under applicable agreements.
Dicyd does not:
- Store full medical records
- Provide diagnosis or treatment
- Make clinical decisions
Section 6. SMS, Mobile, and Text Messaging Privacy
This section describes how we handle information collected in connection with our SMS text messaging program ("Dicyd Appointment Notifications").
6.1 What We Collect
When you opt in to receive SMS messages through a clinic's intake form, we collect:
- Your mobile phone number
- Your SMS opt-in consent status and timestamp
- The content of inbound messages you send in reply (e.g., YES, NO, STOP, HELP)
- Message delivery status data (queued, sent, delivered, or failed)
6.2 How We Use Mobile Information
We use your mobile phone number and related data solely for the purpose of sending appointment-related communications on behalf of the clinic where you submitted your intake request. These messages may include:
- Appointment confirmation requests
- Scheduling links
- Requests for missing intake information
- Outstanding balance notifications
- Responses to your HELP or STOP requests
We do not use your mobile phone number to send marketing, promotional, or advertising messages.
6.3 Mobile Information Sharing
We will never sell, rent, loan, trade, lease, or otherwise distribute your mobile phone number, SMS opt-in data, or any personal information collected through our SMS program to third parties or affiliates for marketing or promotional purposes.
Your mobile information may be shared only with: (a) the healthcare clinic on whose behalf the message is sent, and (b) our SMS delivery service provider (currently Twilio), solely to transmit messages. These service providers are contractually prohibited from using your data for any other purpose.
6.4 Consent
SMS consent is collected through an unchecked opt-in checkbox on the clinic's intake form. The checkbox is not pre-selected and is not required to submit your appointment request.
Consent to receive SMS messages is not a condition of purchase, service, or appointment scheduling. If you do not opt in, clinic staff will contact you by other means.
6.5 Opt-Out
You may opt out of receiving text messages at any time by texting STOP to the number from which you received messages. After you send STOP, you will receive a single confirmation message and will not receive further messages unless you opt in again.
You may also request opt-out by emailing hello@dicyd.com.
6.6 Help
For assistance with our messaging program, reply HELP to any message or contact us at hello@dicyd.com.
6.7 Message Frequency and Rates
Message frequency varies based on your appointment request status. Message and data rates may apply. Contact your wireless carrier for details about your text messaging plan.
6.8 Carrier Liability
Carriers (including but not limited to AT&T, T-Mobile, Verizon, and Sprint) are not liable for delayed or undelivered messages.
6.9 Data Retention for SMS
SMS message content and delivery records are retained for operational purposes for a limited period (typically 30 to 90 days) and are then deleted or anonymized. Your phone number remains associated with your case record for the duration of the case lifecycle.
Section 7. Data Retention
We retain information only as long as necessary to:
- Support clinic operations
- Meet legal and contractual requirements
- Resolve disputes
- Maintain system integrity
Retention periods may vary by data type and clinic configuration. Typical retention periods are:
- Case records (closed): 90 days
- Decision audit trail: 1 year
- SMS message content: 30 days
- Evidence records: same as the associated case
Section 8. Security
We use administrative, technical, and physical safeguards to protect information, including:
- Access controls and role-based permissions
- Encryption in transit (TLS)
- Audit logs for all decisions and state changes
- Rate limiting and monitoring
- Webhook signature verification
- Practice-based data isolation (multi-tenant architecture)
No system is 100% secure, but we design Dicyd to be deterministic, auditable, and scoped.
Section 9. Your Choices and Rights
Depending on your role and jurisdiction, you may:
- Request access to your information
- Request correction of inaccurate data
- Request deletion, subject to legal and operational requirements
- Opt out of SMS messages at any time by replying STOP
Requests should be directed to the clinic or to Dicyd using the contact details below.
Section 10. Cookies and Tracking
Dicyd uses limited cookies and similar technologies for:
- Session management (portal login)
- Security (CSRF protection)
- Basic analytics
We do not use third-party advertising trackers or sell cookie data.
Section 11. Children's Privacy
Dicyd is not intended for use by children under 13. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13, we will delete it promptly.
Section 12. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last Updated" date.
Continued use of the Services constitutes acceptance of the updated policy.
Section 13. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us: