Privacy Policy

1. Information We Collect

We may collect:

• Account and profile information
• Organization details
• Device and usage data
• Support communications
• Customer-entered data, which may include PHI

We do not sell personal information.

2. How We Use Information

We use information to:

• Provide the Services
• Maintain security and compliance
• Improve system performance
• Respond to support requests
• Generate reports and audits
• Support PHI-based workflows under a valid BAA

3. How We Protect Information

We implement:

• Encryption (in transit and at rest)
• Role-based access controls
• Audit logging
• Secure hosting in HIPAA-compliant environments
• Least-privileged access by staff

4. Information Sharing

We may share information only with:

• Your organization
• Service providers under BAAs or confidentiality agreements
• Regulators when required by law
• Others with your explicit authorization

We never share PHI with advertisers.

5. Data Retention

Data is retained for the duration of your subscription and as required by law or contract.

Upon termination, data can be exported or securely deleted according to your BAA.

6. Your Rights

Your organization may request:

• Access to stored data
• Corrections to personal information
• Export or deletion (where legally permitted)

7. Children's Information

We do not collect data directly from minors.

All PHI is entered by authorized personnel.

8. Contact

For privacy inquiries: contact@tallycare.app