Privacy Policy

Effective Date: April 10, 2026 | TDM Technologies LLC

1. Overview

HIPAAPath ("the Application") is a self-assessment tool that helps independent healthcare providers document their HIPAA Security Rule compliance posture. TDM Technologies LLC ("we," "us") is committed to a zero-persistence architecture: we do not store, process, or transmit your clinical data or patient health information (PHI) on our servers.

2. Data We Collect

  • Google Account Information: When you sign in with Google, we receive your name, email address, and a short-lived OAuth access token scoped to drive.file. This token is never stored persistently — it exists only in your session.
  • Audit Data: The security self-assessment data you enter (practice name, device inventory, policy acknowledgments) is stored only in your personal Google Drive in a folder named HIPAA_Fortress_Saves. We cannot access these files.
  • Usage Analytics: We do not currently use third-party analytics. Standard server logs (IP address, request path, timestamps) may be retained for up to 30 days for security monitoring purposes.

3. Bring-Your-Own-Storage (BYOS) Architecture

All audit files are written directly to your Google Drive account using the drive.file scope, which limits access to only files created by this application. We cannot read, modify, or delete any other files in your Drive. You may revoke this access at any time via your Google Account permissions.

4. No PHI on Our Servers

HIPAAPath is not a covered entity or business associate under HIPAA. The Application is designed to ensure that no Protected Health Information (PHI) or Personally Identifiable Information (PII) of your patients is ever entered into or transmitted through our platform. Do not enter patient names, dates of birth, or other PHI into any field in this tool.

5. Data Deletion

To delete your audit data, delete the HIPAA_Fortress_Saves folder from your Google Drive. To delete your account association, revoke HIPAAPath's access in your Google Account settings. We do not retain copies.

6. Contact

For privacy inquiries, contact TDM Technologies LLC at privacy@hipaapath.com.