hipaa.app
HIPAA Compliance Document Management Business Associate Agreement Generator
Blog Support
Features Pricing Contact Sales
Sign In Get Started

Privacy Policy

Last updated: February 19, 2026

1. Introduction

hipaa.app ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Please read this Privacy Policy carefully. By using hipaa.app, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account information (name, email address, password)
  • Organization information (name, address, type of healthcare entity)
  • Assessment responses and compliance documentation data
  • Payment information (processed securely through Stripe)
  • Communications with us (support requests, feedback)

2.2 Automatically Collected Information

When you access our services, we automatically collect:

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Usage data (features used, actions taken)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Generate your compliance documentation and risk assessments
  • Process transactions and send related information
  • Send compliance reminders and notifications
  • Respond to your comments, questions, and support requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf, such as payment processing (Stripe), email delivery, and hosting services. These providers are contractually obligated to protect your information.

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests by public authorities.

4.3 Business Transfers

In connection with any merger, sale of company assets, or acquisition, your information may be transferred as a business asset.

4.4 With Your Consent

We may share information with your consent or at your direction, such as when you use our document sharing features.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • 256-bit encryption for data at rest and in transit
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Employee training on data protection
  • Secure data center hosting with SOC 2 compliance

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We also retain information as necessary to comply with legal obligations (including HIPAA's 6-year retention requirement), resolve disputes, and enforce our agreements.

When you delete your account, we will delete or anonymize your information within 30 days, except for information we're required to retain for legal purposes.

7. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing communications

To exercise these rights, please contact us at [email protected].

8. Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activities. You can control cookies through your browser settings, though disabling cookies may limit your ability to use some features.

We use the following types of cookies:

  • Essential cookies: Required for the service to function
  • Analytics cookies: Help us understand how you use our service
  • Preference cookies: Remember your settings and preferences

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in the United States. By using our services, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. You are advised to review this policy periodically for any changes.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

hipaa.app

Email: [email protected]