PRIVACY AND DATA PROTECTION POLICY

Part I

Celerity Solutions Website

1. DATA CONTROLLER

Celerity Solutions acts as the Data Controller for data collected through the website celeritysolutions.ai.

2. DATA COLLECTED

  • Contact forms: Name, email address, company, and message submitted by the visitor.
  • Chat widget: Messages and information voluntarily shared during the conversation.

3. PURPOSE

Data collected through the website is used exclusively to:

  • Respond to commercial and technical inquiries.
  • Contact potential clients interested in Celerity Solutions products and services.

Celerity Solutions will not transfer this data to third parties or use it for purposes other than those stated without express consent.

4. RETENTION

Lead contact data is retained for a maximum of 12 months from the date of collection, or until the data subject requests its deletion.

5. RIGHTS

The data subject may request access to, rectification of, or deletion of their data, or object to its processing, by writing to: info@celeritysolutions.ai.

Part II

Lyra Application

6. LEGAL FRAMEWORK

This Privacy Policy is drafted in accordance with international personal data protection standards and current local regulations, ensuring the confidentiality of sensitive information processed in Lyra.

7. DATA PROCESSING ROLES

  • Data Controller: The Professional (app user) is the legal owner and responsible party for their patients' data.
  • Data Processor: Celerity Solutions acts solely as a data processor, providing the technical infrastructure for the storage and organization of such information.

8. DATA COLLECTED

  • From the Professional: Name, email, and billing information securely processed by Lemon Squeezy.
  • From Patients: Name, ID number (DNI), contact details, and clinical progress notes (medical records) uploaded by the Professional.

9. PURPOSE AND SECURITY

Data collection is solely for the purpose of providing technical clinical management services. Celerity Solutions commits to:

  • Not using patient data for commercial, marketing, or third-party transfer purposes.
  • Implementing the following technical security measures to prevent unauthorized access:
      • Encryption at rest (AES-256): All stored data is encrypted at rest.
      • Encryption in transit (TLS/HTTPS): All communication between the application and servers is encrypted.
      • Row Level Security (RLS): Each professional can only access their own data. Isolation is enforced at the database level, not the application level.
      • Secure authentication: Login via Google OAuth 2.0 or email OTP code (no stored passwords).
      • Certified infrastructure: Data is stored on Supabase (AWS) servers with SOC2 Type II and ISO 27001 certifications.
      • No access to clinical data: Celerity Solutions does not access, read, or process the content of clinical notes, diagnoses, or medical records.

10. PATIENT CONSENT

The Professional guarantees that they have the Informed Consent of their patients for the processing and storage of their personal and sensitive data on third-party digital platforms, holding Celerity Solutions harmless from any liability for lack of prior authorization.

11. DATA RIGHTS (ARCO) AND PORTABILITY

The Professional may exercise their rights of Access, Rectification, Cancellation, and Opposition regarding their personal data. Regarding patient data, the Professional is responsible for managing such requests directly with the data subjects.

The Professional may at any time export all of their data (patients, sessions, clinical notes, billing) in JSON format from the Settings section of the application, ensuring the right to data portability.

12. RETENTION AND DATA EXPORT

During the active subscription period, the Professional maintains full access to their data. The export functionality is available at all times.

Upon cancellation of the subscription, Celerity Solutions will maintain the Professional's data for a maximum period of 90 (ninety) days to allow for export. After this period, the data will be permanently deleted from our servers to ensure data privacy, and Celerity Solutions will not be responsible for any loss of information not previously exported.

13. SUB-PROCESSORS

The following third-party services participate in data processing:

  • Supabase (AWS): Database and file storage — SOC2 Type II and ISO 27001 certified.
  • Vercel: Application hosting — SOC2 certified.
  • Lemon Squeezy: Payment processing (no access to clinical data).
  • Google: OAuth authentication (login email only).

14. SECURITY INCIDENTS

In the event of a security breach affecting personal data, Celerity Solutions commits to notifying the affected Professional within 72 hours of detecting the incident.