Skip to main content
Legal

Privacy Policy

Last updated: July 14, 2026

One policy, organized by how you work with Callie. Find your section below.

Who we are

Callie Health, PC ("Callie") is a Professional Corporation providing telehealth speech therapy in California and Texas. Callie is a HIPAA covered entity and complies with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA). The Callie software and the Callie Network are operated by the same team.

This policy explains how we collect, use, disclose, and safeguard information across four audiences.

Part 01

Patients & families

Information we collect

Personal Information

  • Name and contact information (email, phone number, address)
  • Date of birth and age
  • Insurance information (carrier, member ID, group number)
  • Payment information (credit card, HSA/FSA)
  • Appointment scheduling preferences
  • Driver's license or photo ID (for insurance verification)

Protected Health Information (PHI)

We collect health information necessary to provide speech therapy services, including:

  • Speech and language evaluations and assessments
  • Treatment plans, session notes, and progress documentation
  • Relevant medical history and diagnoses
  • Communication from other healthcare providers
  • Insurance claims and billing records

How we use it

We use the information we collect to:

  • Provide and manage speech therapy services
  • Schedule and confirm appointments
  • Verify insurance eligibility and process claims
  • Process payments and billing
  • Communicate with you about your care
  • Comply with legal and regulatory requirements
  • Improve our services and patient care
  • Coordinate care with other providers (with your authorization)

HIPAA

We protect PHI in accordance with HIPAA and the HITECH Act.

Our safeguards include

  • Administrative safeguards: Staff training, access controls, security policies, and a designated privacy officer.
  • Physical safeguards: Secure facilities and workstation security.
  • Technical safeguards: Encryption, audit controls, automatic logoff, and user authentication.

Video conferencing security

  • All telehealth sessions are conducted via Whereby, a HIPAA-compliant platform.
  • We maintain a signed Business Associate Agreement (BAA) with Whereby.
  • Video sessions are encrypted in transit.
  • Sessions are not recorded without your explicit written consent.

Your PHI rights under HIPAA

  • Access and obtain copies of your medical records
  • Request amendments or corrections to your records
  • Receive an accounting of disclosures of your PHI
  • Request restrictions on uses and disclosures of your PHI
  • Request confidential communications (for example, contact at a specific number)
  • Receive a copy of this Notice of Privacy Practices
  • File a complaint with us or the HHS Office for Civil Rights if you believe your privacy rights have been violated

SMS and text messaging

Callie uses your phone number to send appointment reminders and service-related notifications through Twilio. By providing your number and booking an appointment, you consent to receive these messages.

  • Message frequency varies. You may receive up to 4 messages per scheduled appointment.
  • Message and data rates may apply.
  • Reply STOP to opt out at any time.
  • Reply HELP for assistance, or email hello@trycallie.com.
We never sell, rent, or share your mobile phone number or SMS opt-in data with third parties or affiliates for marketing or promotional purposes. Twilio processes your number only to deliver messages for us under strict data processing agreements.

Data retention

  • Adult patient records: minimum 7 years from the last date of service in California, and 7 years in Texas.
  • Minor patient records: until the patient reaches age 18, plus the applicable retention period.
  • Insurance and billing records: as required by law and payer contracts.

Children's privacy

We provide services to children with parental or guardian consent. We collect information about minor patients only as necessary to provide speech therapy and with appropriate authorization. Parents and guardians may access their child's records and exercise privacy rights on their behalf.

Advertising technologies are never used on care pages. The Meta Pixel does not run on appointment booking pages, therapist profile pages, or any page used to schedule or receive care. We never share PHI, patient health information, or appointment details with advertising platforms.
Part 02

Providers who use Callie's software

Your account data

We collect your name, email, phone number, professional details such as NPI and license numbers, and practice information. Stripe handles payments. We do not store full card numbers.

Usage data

We use PostHog to collect product analytics about how the app is used so we can maintain and improve the service.

Your patients' records

Records you create in Callie belong to you and your practice. Callie processes them only to provide the service, as your business associate under a Business Associate Agreement where HIPAA applies. We never use patient records for advertising and never sell them. Access is restricted, and records are encrypted in transit and at rest.

Google Calendar

If you connect Google Calendar, our access and use are covered by the dedicated Provider Privacy Policy.

Service providers and subprocessors

We use service providers under confidentiality agreements, with BAAs where PHI is involved:

  • Supabase: database and authentication.
  • Vercel: web hosting.
  • Stripe: payments.
  • Resend: transactional email.
  • Twilio: SMS.
  • Whereby: telehealth video.
  • Stedi: insurance eligibility and claims clearinghouse.
  • PostHog: analytics.

Export and deletion

You may export your records on request. On termination, we delete or return data, subject to legal retention duties.

Part 03

Clinicians in the Callie Network

Application data

We collect your name, contact information, state, licensure status, whether you operate a solo or group practice, and anything else you submit through the network form or Meta lead forms. We use it to evaluate fit and respond.

Credentialing data

If you join, we collect license numbers, NPI, education and work history, malpractice insurance details, and identifiers required by payers. We share these solely for enrollment with insurance payers, CAQH, and credentialing verification organizations.

Billing on your behalf

We process claims and remittance data needed to bill payers and pay you, along with bank details for ACH payouts.

Marketing communications

You may opt out at any time through the unsubscribe link in our emails or by emailing hello@trycallie.com.

Retention

We retain network and credentialing records as required by payer contracts and applicable law.

Part 04

Website visitors & advertising

Forms

We collect information you voluntarily submit through our network application, demo booking, plan quiz, resource downloads, and Meta Instant Forms. This may include your name, email, phone, state, professional information such as licensure status, and other details you provide. We use it to respond, provide information about Callie, and evaluate eligibility or interest. We never sell it. We share it only with providers supporting scheduling, communications, and analytics under confidentiality agreements.

Analytics

PostHog helps us understand website use. It is configured cookieless, with no cookies or persistent identifiers stored on your device. Campaign parameters (UTMs) from the link you clicked are kept in your browser's local storage so we can attribute a later signup to the correct campaign.

Advertising measurement

The Meta Pixel runs only on marketing pages describing our software for speech-language pathologists. It sets a cookie and shares pages visited and general browser information with Meta.

When you submit a marketing form, we also send Meta a server-side conversion event through the Meta Conversions API. It contains a SHA-256 hash of your email, plus your IP address and browser user agent. A shared event ID lets Meta deduplicate the event against the pixel. This measures ad performance and never includes health information.

The pixel and Conversions API never run on booking, therapist, or patient care pages. We never share PHI or appointment details with advertising platforms.

Your choices

  • Adjust your Meta ad preferences at facebook.com/adpreferences.
  • Opt out of interest-based advertising at optout.aboutads.info.
  • Block or delete cookies through your browser controls.
  • Email hello@trycallie.com and we will honor your opt-out request.
Part 05

Rights, security & contact

California privacy rights

California residents have rights under the CCPA and CPRA:

  • Know: Request the categories and specific pieces of personal information we collected.
  • Delete: Request deletion, subject to exceptions including HIPAA-protected records.
  • Correct: Request correction of inaccurate personal information.
  • Opt out: Opt out of sharing for cross-context behavioral advertising through the choices above. We do not sell personal information.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

Email hello@trycallie.com to make a request. We respond within 45 days.

HIPAA-covered records are exempt from certain CCPA requirements and are retained under HIPAA requirements.

Texas privacy rights

Under the Texas Data Privacy and Security Act, Texas residents may request access, correction, deletion, or portability, and may opt out of targeted advertising. Under the Texas Medical Records Privacy Act and other state laws:

  • You may access and obtain copies of your medical records.
  • You may request amendments to your records.
  • We will not disclose health information without authorization except as permitted by law.
  • You have the right to receive notice of a breach affecting your information.

If we decline a request, you may appeal by replying to our decision. We respond to appeals within 60 days. If you remain unsatisfied, you may contact the Texas Attorney General.

Data security

  • Encryption of data in transit and at rest
  • Secure access controls and multi-factor authentication
  • Regular security assessments and updates
  • Employee training on data protection and HIPAA compliance
  • Telehealth through a HIPAA-compliant, BAA-covered video platform
  • Data stored on HIPAA-compliant cloud infrastructure

Information sharing summary

We may share information with:

  • Healthcare providers involved in your care, with your authorization.
  • Insurers for eligibility verification and billing.
  • Legal authorities when required by law.
  • Service providers under strict confidentiality agreements and BAAs where required.
We never sell your personal information.

Changes to this policy

We may update this policy. We will post the updated policy here, change the "Last updated" date, and may email you about material changes.

Contact

Contact us with questions, concerns, or privacy-rights requests.

Callie Health, PC
Privacy Officer
Email: hello@trycallie.com

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights were violated.