1. Overview
This Privacy Policy explains how HIPAAList collects, uses, stores, and shares information when users visit the website, create accounts, use organization workspaces, communicate with HIPAAList, or use related services.
HIPAAList is not intended to receive or store PHI. Do not enter, upload, or submit PHI into HIPAAList.
2. Information We Collect
- Account and identity information, such as name, email address, authentication identifiers, organization membership, and profile details provided through the account system.
- Organization workspace records, such as profile settings, staff records, roles, documents, vendors, actions, evidence metadata, training settings, acknowledgements, reminders, exports, and audit history.
- Files and attachments users choose to upload, subject to HIPAAList's no-PHI rule and upload restrictions.
- Usage and technical information, such as IP address, user agent, device/browser details, pages visited, actions taken, timestamps, cookies, logs, and diagnostic data.
- Billing and subscription metadata handled by payment or billing providers, such as plan, subscription state, payment status, and customer identifiers.
- Support, feedback, and communications users choose to send.
3. How We Use Information
- Operate, secure, maintain, and improve HIPAAList.
- Authenticate users, manage organization workspaces, enforce access controls, and support billing state.
- Provide readiness workflows, document tools, training, reminders, exports, audit logs, notifications, and Assistant features.
- Generate, tailor, or improve templates, recommendations, and AI-assisted responses within product guardrails.
- Detect, prevent, and investigate abuse, security issues, errors, policy violations, and service misuse.
- Communicate about service updates, support, security notices, billing, and administrative matters.
- Comply with legal obligations and enforce terms.
4. How Information Is Shared
HIPAAList may share information with service providers that help operate the product, such as hosting, storage, authentication, billing, email, analytics, security, AI, and infrastructure providers. These providers are expected to use information only to provide services to HIPAAList.
HIPAAList may also share information when required by law, to protect rights and security, to prevent abuse, as part of a business transfer, or with a user's direction or consent.
5. AI Processing
Some HIPAAList features may use AI providers to generate or edit content. Users must not submit PHI to AI-assisted features. HIPAAList uses product guardrails intended to reduce PHI entry and avoid legal advice, but users remain responsible for what they submit and for reviewing outputs.
6. Cookies and Similar Technologies
HIPAAList and its providers may use cookies, local storage, and similar technologies for authentication, session management, preferences, analytics, fraud prevention, and product operation.
7. Retention
HIPAAList retains information for as long as needed to provide the service, maintain organization records and audit history, comply with legal obligations, resolve disputes, enforce agreements, protect security, and support legitimate business needs.
8. Security
HIPAAList uses reasonable safeguards designed to protect information. No method of transmission or storage is perfectly secure. Users should keep credentials secure, manage workspace access carefully, and avoid submitting PHI or unnecessary sensitive information.
9. Choices and Requests
Users may update certain account or workspace information through the product. Organization administrators may manage workspace records and access. Requests about account data, privacy, or deletion should be directed through the support or contact channel made available by HIPAAList.
10. Children
HIPAAList is intended for business and organizational use and is not directed to children.
11. Changes to This Policy
HIPAAList may update this Privacy Policy. When a material update is made, HIPAAList may require users to review and accept the updated version before continuing to use the workspace.
12. Contact
Questions about this Privacy Policy should be directed through the support or contact channel made available by HIPAAList.