
Your Patient Data Is Safe — How AcuBliss Protects Privacy and What Third Parties Mean

A clear explanation of how AcuBliss handles patient data, who the third parties in our privacy policy are, and what patients can do if they want their data removed.

Updated today

We Do Not Sell Patient Data — Ever

At the very top of our policies page, we state it plainly: We don't sell your data. That banner links directly to clause 11A of our Privacy Policy, which spells out exactly how we handle patient information and why.

You can find all of our policy documents — Terms and Conditions, Privacy Policy, GDPR Compliance Statement, and Cookie Policy — at: https://go.acubliss.app/docs/policies.html

This is not a technicality or fine print. AcuBliss is owned by acupuncturists and built for practitioners. We would never jeopardize the trust you have with your patients, or the trust your patients have with you.

We have options available to us as a company if we chose to monetize patient data. We do not pursue them. We never will.

Why Does Our Privacy Policy List Third Parties?

We are legally required to disclose every third-party service that interacts with any aspect of our platform. This transparency is intentional and required by law — it is not a signal that patient data is being shared broadly. Here is exactly who the third parties are and what they receive:

Amazon Web Services (AWS)

AcuBliss stores data on Amazon Web Services, the world's largest and most widely used cloud infrastructure platform. AWS hosts the data securely. We have a Business Associate Agreement (BAA) with AWS, which is required under HIPAA for any vendor that stores Protected Health Information (PHI).

Twilio

Twilio is the service we use to send appointment reminder text messages to patients. The only information that passes to Twilio is a patient's phone number. No health information, no name in combination with health data, no other PHI.

Stripe

Stripe powers payment processing inside AcuBliss. No Protected Health Information ever enters Stripe's systems. Stripe handles financial transactions only. We have the appropriate agreements in place for how we work with Stripe.

AI Scribe

AcuBliss's AI Scribe feature transcribes clinical notes during sessions. The AI does not receive any patient-identifying information. It does not know the patient's name, address, date of birth, or any other identifying detail. It only processes clinical audio — for example, a description of symptoms. The AI does not train on any patient data from AcuBliss sessions.

Google (Sign-In Integration)

AcuBliss offers the option for users to sign in using their Google account. Because we provide this feature, we are required to list Google as a third party. We do not share patient health information with Google. The only thing Google is informed of is that our platform permitted a login through their service.

Other third parties are listed in the Privacy Policy, and there is a detailed Cookie Policy. We really do take your patient's data

HIPAA Compliance and Business Associate Agreements

Any vendor that handles Protected Health Information as part of our platform has a signed Business Associate Agreement (BAA) with us. A BAA is a formal contract required by HIPAA that holds vendors legally accountable for protecting health information.

When PHI does travel between systems, it does so using anonymized tokens or patient IDs — not names, addresses, or other directly identifying information. This is standard HIPAA-compliant architecture.

If a Patient Wants Their Data Removed

Patients have the right to request removal of their data, and AcuBliss gives you a clear, built-in way to fulfill that request.

To delete a patient's record, go to that patient's chart in your dashboard and scroll to the bottom of the page. There you will find a Delete button. Clicking this removes all Protected Health Information from the system — name, address, phone number, clinical notes, and all other identifying health data. Financial records such as reporting data remain intact but are fully anonymized.

Before deletion is finalized, you and your staff will receive an email with a link to download the patient's complete record. It is then your responsibility to store it for your records.

This download includes demographics, invoices, SOAP notes, informed consent documents, signed forms, patient health forms, and message history. You can also access this download directly from the patient's chart for approximately one to two weeks after deletion.

A Note for Practitioners on Data Removal Requests

This section is informational and does not constitute legal advice. We recommend consulting your own legal or compliance advisor for guidance specific to your practice.

As a healthcare provider, you have a professional obligation to maintain accurate clinical records for every patient you treat — including scheduling, SOAP notes, and any products or herbs dispensed. If a patient insists on full data removal and you comply, you may find yourself unable to continue providing that patient with adequately documented care.

Practices in this situation sometimes choose to inform the patient that they cannot accommodate the removal request while continuing care, or offer that the patient may transition to paper-based charting. Some practices conclude that continued care is not possible under those conditions as it's a burden that can't be accommodated. That is a clinical and business decision each practice must make for itself.

AcuBliss provides the tools to fulfill a deletion request when you choose to do so. We also ensure that your records are preserved for download before anything is removed.

Questions?

The full detail of how we handle patient data is available in our policy documents at https://go.acubliss.app/docs/policies.html.
