Privacy Policy

1) Information We Collect

A. Information you provide

• Account data: name, email, phone, role, organization, login credentials (stored as secure hashes where applicable).
• Patient-submitted data (when enabled by a Customer): contact details, insurance images, ID images, forms, and related intake information.
• Support communications: messages, attachments, and metadata you share with our support team.

B. Information collected automatically

• Usage data: pages viewed, actions taken, timestamps, device/browser info, approximate location (IP-derived).
• Cookies/analytics: cookies and similar technologies for authentication, security, and product analytics.
• Log data: system logs, audit logs, and security events (e.g., login attempts, token exchanges).

C. Information from Customers / integrations

• Customer-provided records: office names, staff lists, request identifiers, workflow states.
• Integrations: data from third-party services you connect (e.g., eligibility/clearinghouse tools) as configured by the Customer.

2) How We Use Information

• Provide and operate the Services (document requests, secure links, uploads, processing, and delivery).
• Secure the Services (fraud prevention, abuse detection, authentication, access control, and auditing).
• Improve product performance and user experience (debugging, analytics, feature development).
• Customer support and communications (responding to tickets, outage notices, transactional messages).
• Legal and compliance (meeting obligations, enforcing terms, protecting rights and safety).

3) How We Share Information

We may share information in the following limited circumstances:

• With Customers: data submitted by patients is accessible to the Customer that initiated the request.
• Service providers: infrastructure, storage, logging, and support vendors who process data on our behalf under contractual protections.
• Legal/safety: to comply with law, protect rights, prevent fraud/abuse, or respond to lawful requests.
• Business transfers: merger, acquisition, or asset sale (with appropriate protections).

4) HIPAA / PHI Considerations

If you are a Customer subject to HIPAA, and our Services involve Protected Health Information (“PHI”), we will handle PHI as described in our agreement with you (including a BAA if required). Patients should contact their healthcare provider/office for questions about how their PHI is used by that provider.

5) Data Security

We use administrative, technical, and physical safeguards designed to protect information. See our Security page for additional detail.

6) Data Retention

• We retain information as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.
• Retention for patient documents/workflows is typically controlled by the Customer’s configuration and contract terms.
• Audit/security logs may be retained longer to support compliance and incident investigation.

7) Your Choices

• Account updates: Customers can update staff account details through admin settings.
• Cookies: you can manage cookies in your browser; some cookies are required for core functionality.
• Marketing emails: you can opt out via unsubscribe links (if applicable).

8) Children’s Privacy

The Services are not intended for children under 13, and we do not knowingly collect personal information from children under 13.

9) International Users

If you access the Services from outside the United States, your information may be processed in the United States or other jurisdictions where we or our service providers operate.

10) Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date above indicates when this policy was last revised.

11) Contact Us