Privacy & HIPAA Notice
Clear, visible privacy language is a trust requirement in healthcare. This page is a starter template—edit to match your actual data flows.
Key point: This public website is designed to avoid collecting Protected Health Information (PHI). Do not submit patient identifiers through forms or chat.
What we collect
- Contact details you choose to submit (name, email, organization)
- Project details you provide (non-clinical)
- Basic, non-identifying analytics (optional and configurable)
If analytics are enabled, configure them to avoid collecting sensitive data and respect consent.
How we protect data
- Encryption in transit (HTTPS)
- Least-privilege access for internal review
- Data minimization and short retention where possible
- Incident-response processes for security issues
HIPAA context (informational)
HIPAA requirements usually apply when PHI is handled in covered-entity or business-associate relationships. If your product will process PHI, additional controls and contractual requirements (such as BAAs) may apply.
This notice is not legal advice.