Privacy Policy
1. Scope
This Privacy Policy applies to information we collect through the Services, including when you visit healthcareanalytics.dev, request a demo, create an account, or otherwise interact with us.
Healthcare context: We provide data and analytics services to healthcare providers and other organizations. When we process data on behalf of a customer (for example, a healthcare provider), that customer controls the data and determines how it is used. If you are a patient or end-user whose information may be processed by one of our customers, please contact the relevant organization directly about your privacy questions.
2. Information We Collect
2.1 Information you provide
- Contact and account information (e.g., name, work email, phone number, job title, organization).
- Inquiry and support information (e.g., messages, tickets, call recordings if applicable, and related metadata).
- Billing and transaction information (e.g., billing contact details; payment information is typically processed by our payment processor, if used).
2.2 Information collected automatically
- Device and usage data (e.g., IP address, browser type, device identifiers, pages viewed, links clicked, time spent, referring URLs).
- Log data (e.g., access times, errors, diagnostic events, and security/audit logs).
- Approximate location (e.g., inferred from IP address).
2.3 Information from third parties
We may receive information from third parties, such as your employer or organization (for enterprise accounts), identity providers (single sign-on), integration partners, and service providers that help us operate the Services.
2.4 Customer data (including potential health-related data)
Our customers may provide data to the Services for analytics, reporting, and operational purposes ("Customer Data"). Customer Data may include information that is regulated under healthcare and privacy laws. We process Customer Data as instructed by the customer and under our applicable agreements.
3. How We Use Information
We use information for purposes such as:
- Providing and operating the Services (e.g., account creation, authentication, dashboards, analytics outputs).
- Improving and developing the Services (e.g., debugging, performance optimization, feature development).
- Security and fraud prevention (e.g., monitoring for suspicious activity, protecting accounts and systems).
- Communications (e.g., responding to requests, sending service notices, administrative messages).
- Sales and marketing (e.g., sending newsletters or product updates where permitted; you can opt out anytime).
- Legal and compliance (e.g., meeting legal obligations, enforcing terms, defending legal claims).
4. How We Share Information
We may share information in the following circumstances:
- Service providers and subprocessors who help us host, secure, analyze, support, or deliver the Services (e.g., cloud hosting, monitoring, customer support tools). They are authorized to access information only as needed to perform services for us.
- Customer organizations (for example, your employer or contracting entity) in connection with administering enterprise accounts and as otherwise directed by the customer.
- Legal, safety, and rights protection when we believe disclosure is necessary to comply with law, respond to lawful requests, protect rights and safety, or investigate fraud/security issues.
- Business transfers in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, where information may be transferred subject to appropriate safeguards.
"Sale" / "sharing" under certain laws: We do not sell personal information for money. However, some privacy laws define "sale" or "sharing" broadly to include certain disclosures for analytics or advertising. If we use third-party analytics or cookies that may be interpreted that way, we provide choices described below.
5. Cookies and Similar Technologies
We use cookies and similar technologies (e.g., pixels, SDKs, local storage) to operate our site, remember preferences, understand usage, and improve the Services.
5.1 Types of cookies we may use
- Strictly necessary: required for core functionality (e.g., login, security).
- Functional: remember choices and settings.
- Analytics: help us understand how the Services are used.
- Advertising: used to deliver ads or measure ad performance (if enabled). If we enable these, we will provide appropriate notice and choices.
5.2 Your choices
- You can control cookies through your browser settings.
- If we implement a cookie banner or preferences tool, you can adjust your preferences there.
- Some analytics providers offer opt-out tools (availability depends on the provider).
6. HIPAA / Protected Health Information (PHI)
To the extent we handle Protected Health Information (PHI) on behalf of a healthcare provider or other covered entity, we do so as a Business Associate (or subcontractor) under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"), and our handling of such PHI is governed by our Business Associate Agreement (BAA) with the customer.
This website privacy policy generally describes how we handle information for our own business purposes (e.g., website visitors, marketing, and general operations). PHI provided to us by customers is handled under the BAA and customer instructions. If you are a patient, please direct HIPAA and privacy requests to your healthcare provider.
7. De-identified and Aggregated Data
Where permitted by law and our agreements, we may create and use de-identified or aggregated data (information that does not reasonably identify an individual) for purposes such as improving the Services, benchmarking, analytics, and reporting. We maintain and use such data in de-identified form and do not attempt to re-identify it except as permitted by law.
8. Security
We implement administrative, technical, and physical safeguards designed to protect information, such as access controls, encryption in transit, monitoring, and audit logging. No system is 100% secure, and we cannot guarantee absolute security.
9. Data Retention
We retain information for as long as reasonably necessary to provide the Services and for legitimate business purposes, such as complying with legal obligations, resolving disputes, enforcing agreements, and maintaining security. Retention of Customer Data (including any PHI) is governed by our customer agreements and applicable law.
10. Your Privacy Choices and Rights
10.1 Communications
You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us at hello@healthcareanalytics.dev. You may still receive transactional or service-related messages.
10.2 Access, correction, and deletion
Depending on where you live and how you interact with us, you may have rights to request access to, correction of, or deletion of certain personal information. To make a request, contact us at hello@healthcareanalytics.dev.
If your information is part of Customer Data processed on behalf of a healthcare provider or other customer, we may need to route your request to the customer or respond consistent with our agreements and applicable law.
10.3 U.S. state privacy disclosures (if applicable)
Certain U.S. state privacy laws (e.g., California, Colorado, Connecticut, Utah, Virginia, and others) provide residents specific rights, which may include the right to opt out of certain data uses (like targeted advertising), and the right to access, delete, or correct personal information. Where applicable, we will honor validated requests and may ask you to verify your identity.
- Do Not Sell/Share: If required and applicable to our practices, we will provide a mechanism to opt out of "sale" or "sharing" as defined by law.
- Appeals: Where required, you may appeal our decision regarding a privacy request by replying to our response or emailing us.
- Authorized agents: Some laws allow you to designate an authorized agent to submit requests on your behalf, subject to verification.
10.4 GDPR/UK GDPR (if applicable)
If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, you may have rights under applicable law (including access, correction, deletion, objection, restriction, portability, and withdrawal of consent where processing is based on consent). You may also have the right to lodge a complaint with your local supervisory authority.
11. International Users
We may process and store information in the United States and other countries where we or our service providers operate. These locations may have data protection laws that differ from those in your jurisdiction. Where required, we use appropriate safeguards for cross-border transfers (such as contractual protections).
12. Children
The Services are not directed to children under 13 (or under 16 in certain jurisdictions), and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date above. If changes are material, we may provide additional notice as required by law.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at hello@healthcareanalytics.dev.