Privacy Policy

1. Overview

HIPAAPath ("the Application") is a self-assessment tool that helps independent healthcare providers document their HIPAA Security Rule compliance posture. TDM Technologies LLC ("we," "us") is committed to a zero-persistence architecture: we do not store, process, or transmit your clinical data or patient health information (PHI) on our servers.

2. Data We Collect

• Account Information: When you sign in, we receive your name and email address from your chosen identity provider (email magic link, Google, or Microsoft). This identifies your account — nothing else from the provider is stored.
• Audit Data: The security self-assessment data you enter (practice name, device inventory, policy acknowledgments) is stored locally on your devices in your browser's IndexedDB. We do not transmit, store, or process this content on our servers. When you generate the Practice Security Manual, it is rendered locally and downloaded directly to your device for you to keep, share, or store wherever you choose. See §3 below for the full Bring-Your-Own-Storage architecture description.
• Usage Analytics: We use PostHog (US Cloud) to capture non-PHI usage events — page views, sign-in completions, chapter completions, and Manual export generation — to understand which parts of the product help. Autocapture is disabled, IP addresses are anonymized, session replay is disabled, and event payloads never include the contents of your audit. PostHog uses localStorage rather than cookies for its anonymous identifier.
• Error Monitoring: We use Sentry to capture client-side errors and server-side exceptions for debugging. Breadcrumbs and request payloads are filtered before transmission, and audit data, email addresses, and session tokens are never included in error reports.
• Server Logs & Hosting: The Application is hosted on Vercel. Standard edge and server logs (IP address, request path, timestamps, response status) may be retained for up to 30 days for security monitoring and operational purposes.
• Account Database: Your account record — name, email, identity provider, Terms of Service acceptance triplet (timestamp, version, IP address), and email-preference fields described below — is stored in a managed Postgres database operated by Neon. Audit data is never stored here.
• Email Delivery: Transactional email (magic-link sign-in, compliance-update welcome, one-click unsubscribe confirmations, and the quarterly compliance update itself) is sent via Resend. Resend processes your email address and message content for delivery.
• Email Preferences: If you opt in to compliance updates, we store your preference, the timestamp of your opt-in, and an opaque token used to process one-click unsubscribe requests. We do not share this with third parties; the token is rotated if you re-subscribe after unsubscribing.
• Purchases and Subscriptions: Payment processing is handled by Stripe; we never see or store your card details. When you make a purchase, we link your account to a Stripe customer ID and store the following non-payment metadata for the purposes of verifying your access to the artifact or subscription you bought:
  • Founding Member annual subscription ($299/year): Stripe subscription ID, Stripe price ID, subscription status (active, past_due, canceled, etc.), current period end date, and whether the subscription is set to cancel at the end of the current period.
  • Carrier-Mapped Insurance Summary ($99 one-time SKU): Stripe checkout session ID, payment intent ID, customer ID, amount, currency, status, purchase date, and refund date (if applicable).

3. Bring-Your-Own-Storage (BYOS) Architecture

Your audit data lives on your devices, not on our servers. Chapter answers and progress are stored in your browser locally; the Practice Security Manual you generate is downloaded directly to your device for you to keep, share, or store wherever you choose. We never see or store the contents of your audit.

4. No PHI on Our Servers

HIPAAPath is not a covered entity or business associate under HIPAA. The Application is designed to ensure that no Protected Health Information (PHI) or Personally Identifiable Information (PII) of your patients is ever entered into or transmitted through our platform. Do not enter patient names, dates of birth, or other PHI into any field in this tool.

5. Data Deletion

• Audit data on your devices: Audit data lives in your browser's IndexedDB and in any Manual you have downloaded. Clear your browser's site data for this domain and delete any downloaded Manual files to remove it from your devices.
• Email-preference records: To stop compliance-update emails, use the one-click unsubscribe link in any compliance-update email footer. This removes your opt-in flag and invalidates the unsubscribe token.
• Subscription cancellation: To cancel a Founding Member annual subscription, visit your Account page and use the "Manage subscription" link, which opens the Stripe customer portal. Cancellation takes effect at the end of the current paid term; access remains active until then. Cancellation does not delete your account record or purchase history — see the next item for that.
• Account record and purchase records: To delete your account record (name, email, identity-provider link, Terms of Service acceptance triplet, email preferences) and any associated Stripe-linked purchase or subscription metadata, contact privacy@hipaapath.com. Stripe payment-record retention is governed by Stripe's own retention policy and applicable tax / financial-record-keeping law.

6. Contact

For privacy inquiries, contact TDM Technologies LLC at privacy@hipaapath.com.