Privacy Policy
Overview
We collect and maintain certain limited client information to provide, manage, and support our services. This Privacy Policy explains what information we collect, how we use and secure it, and our commitments regarding sharing and marketing.
Data We Collect
We collect information submitted directly by point-of-service providers, limited to:
- Demographic information (e.g., name, date of birth, contact information, address)
- Service dates (dates of care or services provided)
- Balance information (amounts owed, payments, billing status)
Source of Data
All data is provided directly by point-of-service providers (for example, health care providers or their administrative systems) and is supplied to us under applicable healthcare admission agreements and through commercial applications used by those providers.
Purpose and Use of Data
We use the collected information only for the following purposes:
- Provision, administration, and support of services agreed with the provider
- Billing, payment processing, account reconciliation, and related financial operations
- Recordkeeping, auditing, regulatory compliance, and internal reporting
- Security, fraud prevention, and system maintenance
We do not use the data for profiling, automated decision-making that affects individuals outside the scope of service delivery, or unrelated analytics unless explicitly agreed with the provider.
Sharing and Marketing
We do not sell, rent, trade, or otherwise share personal data with third parties for their own marketing purposes.
We will not use or disclose the information for third-party marketing.
Data may be disclosed only as required by law (e.g., court order or legal process) or as necessary to fulfill the purposes in Section 4, and then only to parties bound by confidentiality and use restrictions (such as processors acting on our behalf under written agreements).
Data Security
We implement stringent administrative, technical, and physical safeguards to protect data, including controls required by applicable healthcare admission agreements and commercial application standards. Measures include access controls, encryption in transit and at rest where appropriate, secure storage, and regular security reviews.
Data Retention and Deletion
We retain data only as long as necessary to fulfill the purposes described above, to comply with legal or contractual obligations, or per retention periods specified in provider agreements. When no longer required, data is securely deleted or anonymized in accordance with our policies and contractual obligations.
Provider Obligations
Point-of-service providers are responsible for ensuring they have the appropriate legal basis and consents to submit personal data to us and for providing accurate information. Providers should inform individuals about the handling described in this policy as required by applicable law.
Individual Rights
Where applicable under law, individuals have rights such as access to, correction of, or objection to processing of their personal data. Requests should be directed to the contact below; we will respond in accordance with applicable legal requirements and contractual obligations.
Changes to This Policy
We may update this policy to reflect changes in practices or legal requirements. We will post the revised policy with an updated effective date.
