Privacy Policy

1. Introduction

HIPAANinja, a service provided by Telehealth.org (“we”, “our”, or “us”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our free HIPAA compliance management platform (“Service”).

2. Not Legal Advice

This Privacy Policy describes our data practices and is not intended as legal advice. For legal guidance on your privacy or HIPAA obligations, consult a qualified attorney. See our Terms of Service for related limitations, disclaimers, and conditions.

3. Information We Collect

We collect information you provide directly when you:

• Create an account (e.g., email address, organization name, type, and size)
• Complete risk assessments (answers to compliance-related questions)
• Upload documents or images (“Uploaded Materials”)
• Update your profile or communicate with us through support channels

4. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process inputs to deliver assessments and guidance
• Send technical notices, updates, or support communications
• Respond to inquiries and support requests
• Analyze usage trends to improve functionality
• Develop new features or services

5. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction. While we strive to use commercially acceptable means to safeguard your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. HIPAA Compliance and PHI Restrictions

Our platform is designed to assist with HIPAA compliance management but is not configured to store or process Protected Health Information (“PHI”). You are strictly prohibited from uploading PHI, including any data that directly or indirectly identifies an individual (e.g., patient names, dates of service, medical IDs). We do not actively scan user submissions for PHI. If you upload PHI in violation of this policy, you assume full responsibility, and Telehealth.org disclaims all liability. The Service is not intended to act as a HIPAA-compliant repository, and we are not your Business Associate under HIPAA.

7. Free Service and Data Use

HIPAANinja is a free service. We do not sell or rent your personal information. We may use aggregated, anonymized data — which does not identify you — to improve the Service, inform educational content, perform internal analytics, and support industry research.

8. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Policy, including legal and reporting requirements. Typically, this is for the duration of your account. Upon request, we will delete your data within a commercially reasonable timeframe, unless retention is required by law.

9. Your Rights

Depending on your jurisdiction, you may have rights including:

• Accessing the personal information we hold about you
• Correcting inaccurate information
• Requesting deletion of your personal data (subject to legal exceptions)
• Objecting to or restricting certain types of processing
• Withdrawing consent (if processing is based on consent)
• Requesting data portability
• Filing a complaint with a relevant data protection authority

To exercise these rights, contact us using the details in Section 19.

10. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., tags, beacons) to operate and analyze the Service. Cookies may store identifiers or session data on your device. You may adjust your browser settings to refuse cookies; however, some features may not function properly without them.

11. Information Sharing and Disclosure

We may share information as follows:

• With service providers (e.g., hosting, analytics, or support platforms) under contractual obligations to protect your data
• For legal reasons, including to comply with law, respond to legal process, or protect users and property
• With your consent, if you explicitly authorize sharing
• As aggregated or de-identified data, for purposes such as benchmarking, research, or product improvement

12. International Data Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the U.S., where privacy laws may differ. By providing your information, you consent to such transfer.

13. Intended Use for U.S. HIPAA Context Only

This Service is intended solely for use in U.S.-based HIPAA compliance contexts. It is not designed to comply with the General Data Protection Regulation (GDPR) or other international privacy laws. If your organization is subject to such frameworks, you should seek alternative solutions.

14. Data Breach Procedures

In the event of a data breach involving your personal information, we will take appropriate mitigation steps and provide timely notifications in accordance with applicable laws.

15. Do Not Track Signals

We do not currently respond to “Do Not Track” browser settings, as no universal standard for handling such signals exists.

16. Business Transfers

If Telehealth.org is involved in a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you if your data becomes subject to a new Privacy Policy.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any material changes will be posted here with an updated “Last Updated” date. Where required, we will provide additional notice (e.g., via email or Service notification). Please review this page periodically for updates.

18. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: 📧 privacy@telehealth.org