Skip to Content

Privacy Policy

CORE Health & Injury – Internal Use Mobile Application

Effective Date: April - 20 -2026

CORE Health & Injury Clinic (“CORE Health & Injury,” “we,” “us,” or “our”) respects the privacy of its employees, approved staff, providers, contractors, and other authorized users.

This Privacy Policy explains how we collect, use, store, disclose, and protect information in connection with the CORE Health & Injury mobile application and related web-based services (collectively, the “App”). The App is an internal-use application intended only for approved clinic personnel and authorized users.  

Scope of This PolicyWho May Use the AppInformation We CollectHow We Use InformationLegal Bases for ProcessingLimited Nature of the AppHealth-Related and Sensitive InformationHow We Share InformationTwilio, SendGrid, and Communications ServicesData RetentionData SecurityEmployee ResponsibilitiesYour Choices and RightsCookies, Tracking, and Web TechnologiesInternational TransfersChildren’s PrivacyThird-Party Services and LinksApp Store and Platform DisclosuresChanges to This Privacy PolicyContact Us

Scope of This Policy

This Privacy Policy applies to the CORE Health & Injury mobile application, including any companion web portal or internal systems accessed through the App.

The App is designed for internal operational use. Authorized users may use the App to view work-related information, including hours, schedules, assigned information, consultations, and other clinic-related workflows. The App is not intended for public consumer use.

Who May Use the App

 The App is limited to:

  • employees,
  • approved clinic staff,
  • authorized providers,
  • contractors, 
  • members and,
  • other users expressly approved by CORE Health & Injury.

Unauthorized access or use is prohibited.

Information We Collect

  • Because this is a limited internal-use app, we aim to collect only the information reasonably necessary to operate, secure, and support the App.
  • A. Account and Identity Information

  • We may collect:

    • name,
    • work email address,
    • employee or staff identifier,
    • job title or role,
    • department or clinic assignment,
    • login credentials or authentication-related identifiers.

    • B. App Usage and Device Information

    We may collect:

    • device type,
    • operating system,
    • browser or webview type,
    • IP address,
    • access times,
    • login history,
    • diagnostic logs,
    • crash data,
    • session activity,
    • basic technical identifiers needed for security and troubleshooting.

    • C. Work-Related Information Displayed Through the App

    The App may display internal information already stored in CORE Health & Injury systems, such as:

    • timekeeping or hours information,
    • assigned tasks or workflows,
    • scheduling-related information,
    • internal consultation or clinic coordination data,
    • role-based operational data.

    • Users generally view information through the App rather than upload files or create personal content.

    D. Communications Information

    If we use services such as Twilio or SendGrid to send authentication messages, alerts, notices, or work-related communications, we may process:

    • phone number,
    • email address,
    • message delivery status,
    • communication metadata,
    • limited logs related to message delivery, security, and support.

    • E. Information We Do Not Intend to Collect Through Routine Use

    The App is not designed for employees to upload personal documents, photos, or unrelated personal information during ordinary use. We do not intentionally request unnecessary personal information through the App.

How We Use Information

We may use collected information to:

  • provide access to the App and internal systems,
  • authenticate authorized users,
  • display employee hours and work-related information,
  • manage consultations and internal workflows,
  • maintain clinic operations,
  • provide technical support,
  • monitor performance and reliability,
  • detect, investigate, and prevent fraud, misuse, or unauthorized access,
  • comply with legal, regulatory, employment, or internal policy requirements,
  • send account, security, operational, and work-related notifications.

Legal Bases for Processing

Where applicable under privacy laws, we process information based on one or more of the following:

  • legitimate business interests in operating and securing our clinic systems,
  • performance of an employment, contractor, or business relationship,
  • compliance with legal obligations,
  • consent, where required by law.

Limited Nature of the App

The App is a restricted internal-use tool. Its purpose is operational efficiency and secure access to existing clinic information. It is not intended as a public-facing platform, social platform, file-sharing tool, or consumer health application.

Health-Related and Sensitive Information

 Depending on a user’s role, the App may display limited clinic-related information as part of internal workflows. Access is restricted based on role, authorization, and business need.

CORE Health & Injury expects all authorized users to handle any confidential, medical, employment, or operational information in accordance with:

  • clinic policies,
  • confidentiality obligations,
  • workforce rules,
  • applicable privacy and security laws.

Nothing in this policy grants broader access rights than those provided under internal policy or applicable law.

How We Share Information

 We do not sell personal information.

We may share information only as reasonably necessary in the following circumstances:

A. Internal Personnel

With authorized managers, administrators, IT personnel, and operational staff who need access for legitimate business purposes.

B. Service Providers

With vendors and service providers that help us operate the App and related systems, such as:

  • hosting providers,
  • cloud infrastructure vendors,
  • authentication providers,
  • analytics or monitoring providers,
  • communication providers such as Twilio,
  • email delivery providers such as SendGrid,
  • IT support and security vendors.

These providers are permitted to process data only as needed to provide services to us, subject to applicable contractual and legal obligations.

C. Legal and Compliance Disclosures

If required to do so by law, subpoena, court order, regulatory request, or to protect the rights, safety, property, systems, staff, patients, or operations of CORE Health & Injury.

D. Business Transfers

In connection with a merger, acquisition, restructuring, financing, sale of assets, or similar business event, subject to appropriate confidentiality protections.

Twilio, SendGrid, and Communications Services

 We may use third-party communication providers, including Twilio and Twilio SendGrid, to deliver:

  • one-time passcodes,
  • login verification messages,
  • password reset messages,
  • work-related alerts,
  • internal operational emails,
  • service notifications.

When such providers are used, certain communication-related data may be processed on our behalf, including recipient contact details, delivery information, and related metadata needed to send and secure communications.

Users should understand:

  • message and email delivery may depend on third-party networks and providers,
  • communications may be logged for security, compliance, troubleshooting, and system integrity,
  • non-essential communications, where applicable, may include opt-out mechanisms as required by law.

Data Retention

 We retain information only for as long as reasonably necessary to:

  • provide and support the App,
  • maintain employment and operational records,
  • enforce security measures,
  • comply with legal, tax, regulatory, auditing, and recordkeeping obligations,
  • resolve disputes and enforce agreements.

Retention periods may vary depending on the type of information, our legal obligations, and internal operational requirements.

When information is no longer needed, we may delete it, de-identify it, archive it, or securely dispose of it in accordance with applicable law and our record retention practices.

Data Security

 We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction. These may include:

  • access controls,
  • role-based permissions,
  • password protections,
  • encrypted connections,
  • logging and monitoring,
  • secure hosting environments,
  • vendor management and security practices.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Employee Responsibilities

 Authorized users are responsible for:

  • maintaining the confidentiality of login credentials,
  • using the App only for authorized work-related purposes,
  • not sharing access with unauthorized individuals,
  • following all clinic privacy, confidentiality, and security policies,
  • promptly reporting suspected unauthorized access, device loss, or security incidents.

Your Choices and Rights

 Depending on your location and applicable law, you may have rights to:

  • request access to certain personal information,
  • request correction of inaccurate information,
  • request deletion where legally permitted,
  • request restriction of certain processing,
  • object to certain processing,
  • receive notice of our privacy practices.

Because this is an internal-use employment and operations app, some rights may be limited by employment law, recordkeeping obligations, legal requirements, security needs, or other permitted exceptions.

To make a privacy-related request, contact us using the information below.

Cookies, Tracking, and Web Technologies

 If the App or related web portal uses webview, browser-based sessions, or similar technologies, we may use necessary cookies, session tokens, or similar technical tools to:

  • keep users signed in,
  • maintain secure sessions,
  • remember settings,
  • support core functionality,
  • detect security events,
  • improve stability and performance.

We do not use unnecessary tracking technologies beyond what is reasonably needed for internal operations, security, and support unless separately disclosed.

International Transfers

 If data is stored or processed outside the state or country where a user is located, we take reasonable steps to ensure appropriate safeguards are in place, as required by applicable law.

Children’s Privacy

 The App is intended only for authorized adult users in a workplace setting. It is not directed to children.

Third-Party Services and Links

 The App may connect to or rely on third-party systems or infrastructure. We are not responsible for the independent privacy or security practices of third-party services except as required by law and applicable agreements.

Users should review any relevant third-party notices where appropriate.


App Store and Platform Disclosures

 If the App is distributed through Apple or another platform, additional privacy labels, permissions disclosures, or platform-specific notices may apply. Those disclosures are intended to supplement, not replace, this Privacy Policy.

Changes to This Privacy Policy

 We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date above. Material changes may be communicated through the App, internal notice, email, or other reasonable means.

Continued use of the App after an update may constitute acknowledgment of the revised policy, to the extent permitted by law.

Contact Us

 If you have questions about this Privacy Policy or our privacy practices, contact:

CORE Health & Injury Clinic

West Valley
Core Health Wellness and Injury Center locations in Utah
(801) 604-2080

2222 W 3500 S Suite B4

West Valley Utah 84119