Effective May 11, 2026
ZorroCare helps clients find providers, book care, coordinate appointments, handle billing workflows, and optionally use integrated telehealth and AI note tools. This notice explains our current privacy practices for the demo and pre-launch platform.
ZorroCare operates the booking and care-coordination platform. Therapists and practices remain responsible for their professional services and clinical records. Depending on the workflow, ZorroCare may act as the platform operator, service provider, processor, or custodian for data handled on behalf of a provider or practice.
We collect account details, contact information, appointment details, booking notes, payment and invoice status, messages, provider profile data, practice staff access records, audit logs, and support communications. Health-related booking notes, clinical session notes, transcripts, and AI note drafts are treated as sensitive data.
We use data to create accounts, verify access, show provider availability, book and manage appointments, send transactional emails, process or track payments, coordinate telehealth rooms, sync calendars, maintain security logs, support providers, and comply with legal or professional obligations.
Booking requires explicit consent for platform processing, cross-border processing, sensitive health data handling, and terms. Optional Zoom transcript and AI note processing uses a standing consent model: after the first acceptance, future eligible bookings rely on that consent unless it is withdrawn or materially changed.
ZorroCare may store or process data outside Panama through contracted infrastructure, email, calendar, telehealth, payment, AI, analytics, and support vendors. We use vendor contracts and security review as transfer safeguards and maintain an internal subprocessor register.
When enabled for a built-in Zoom session, the provider's connected Zoom account or ZorroCare's configured fallback Zoom account may cloud record the session to create an audio transcript. ZorroCare downloads transcript files only, stores transcript text encrypted, and does not store Zoom audio or video recordings. Transcript content may be sent to the configured AI provider to create therapist-only draft notes. Clients, coordinators, and normal admin views do not receive transcript or AI-note content.
Some providers collect payment directly. In those cases, ZorroCare may still track invoice status, appointment status, and payment instructions, but the provider is responsible for the payment method and receipts they collect outside the platform.
We keep data while an account, appointment, provider relationship, legal requirement, or operational need remains active. Transcript and AI-note retention is currently until therapist deletion in V1. Some clinical, billing, audit, and security records may need to be retained even after a deletion request.
You may request access, correction, update, deletion or cancellation, objection, portability, and confidentiality review of your personal data. We will verify the requester before acting and may limit requests where clinical, legal, security, or billing retention duties apply.
We use role-based access controls, appointment access checks, encrypted transcript storage, privacy-safe calendar and email copy, audit logs for sensitive transcript access, and least-privilege operational pages. We are still completing production controls such as staff MFA, vendor DPAs, formal access reviews, and breach-response testing.
This notice does not replace provider clinical agreements, informed consent, or legal advice. For questions about a specific appointment, contact your provider. For privacy requests, email privacy@zorrocare.com.