Last updated: March 22, 2026
We collect: (a) account information (name, email, role); (b) usage data (login times, pages accessed, actions performed); (c) Protected Health Information (PHI) that you access or create as part of your job duties.
Information is used to: (a) provide and maintain the Service; (b) authenticate and authorize users; (c) comply with HIPAA audit requirements; (d) monitor for unauthorized access or misuse; (e) improve the Service.
All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256). Data is stored in HIPAA-compliant infrastructure with appropriate Business Associate Agreements (BAAs) in place. Access is controlled through role-based permissions and multi-factor authentication.
Audit logs are retained for a minimum of 6 years as required by HIPAA. Patient records are retained per applicable federal and state regulations. Account data is retained for the duration of your employment or contract, plus any required retention period.
We do not sell or share personal information with third parties except as required to provide the Service (e.g., cloud infrastructure providers with BAAs) or as required by law.
You may request access to your account data by contacting your administrator. PHI access rights are governed by HIPAA and applicable state laws.
For privacy inquiries, contact your organization's Privacy Officer or system administrator.