PRIVACY POLICY
Last Updated: March 8, 2025
We at Chartbrite, Inc. ("Chartbrite," "we," "us," or "our") have created this privacy policy (this "Privacy Policy") because we understand the importance of protecting the privacy of information you provide to us. This Privacy Policy explains our information collection and use practices in connection with our website located at www.chartbrite.com (the "Website"), our proprietary software as a service (SaaS) platform (the "Platform") which is made available as a web application via our Website, and when you otherwise interact with us.
1. Description of Users and Acceptance of Terms
This Privacy Policy applies to visitors to the Website, who view only publicly-available content ("Visitors"), and clinicians who have signed up to access and use the Platform (the "Customers").
By visiting our Website, Visitors are agreeing to the terms of this Privacy Policy and the accompanying Website Terms of Use.
By accessing and/or using the Platform, each Customer is agreeing to the terms of this Privacy Policy and the accompanying Platform Terms of Use.
Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Website Terms of Use or the Platform Terms of Use, as the context requires.
2. The Information We Collect and/or Receive
In the course of operating the Website and the Platform, and/or interacting with you, we will collect (and/or receive) the following types of information. You authorize us to collect and/or receive such information.
2.1 Contact Information
When you contact us through the Website, by email or by mail, when you call us, or when you subscribe to receive more information about our products and services, you will be asked to provide certain information, including but not limited to, your name, email address, phone number, practice name, job title, and any other information you are contacting us about (collectively, the "Contact Information"). The Contact Information is used to provide the requested service or information and to contact you for purposes of direct marketing of our current and future services.
2.2 Account Information
In order to access and use our Platform, you will have to create an account on our Platform. In connection with creating an account on our Platform, you will be asked to provide your email address and create a password (collectively, "Account Information"). We use the Account Information to process the creation of your account, including to verify your identity, and to manage your account.
2.3 Billing Information
If you choose to pay the applicable fees by credit card, you will be required to provide certain additional information which may include a credit card number, expiration date, billing zip code, activation code, bank information, and similar information ("Billing Information"). Such Billing Information will be collected and processed by our third-party payment processor pursuant to the terms and conditions of their privacy policies and terms of use. Chartbrite does not directly obtain, store or process any Billing Information.
2.4 Your Data
In using the Platform, you will provide us with your data, which may include Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations (collectively, "Your Data"). We will use Your Data in accordance with our Platform Terms of Use and any applicable Business Associate Agreement ("BAA"). Any personal information or PHI contained in Your Data will be used in accordance with this Privacy Policy and applicable law, including HIPAA.
Important Note: Chartbrite does not use any uploaded information, including PHI or any other data you provide, to train artificial intelligence models. Your Data is used solely for providing the services you have requested and as otherwise described in this Privacy Policy.
2.5 Information obtained automatically from your online activity
When you access or use the Website and the Platform, we use browser cookies and similar technologies (collectively, "Tracking Technologies") to automatically collect or receive certain standard technical information and other data. This other data may include: traffic data; usage data (including but not limited to features used, frequency and duration of the Website and the Platform usage, and interactions with content on the Website and the Platform); device information (including but not limited to, type of device, operating system, browser type, screen resolution, IP address and other technical information); logs and other communications data sent to us by your computer or other device over time on our Website and Platform; and your online activity on our Website and Platform.
When you access or use the Website and the Platform, advertising companies, analytics networks and providers, and other third parties may use Tracking Technologies to collect information about your online activities over time and across different websites, apps, online services, digital properties and devices.
The data we or third parties collect automatically may include personal information and/or statistical data that may not identify you personally; however, we or third parties may maintain, combine, or associate it with personal information collected in other ways or received from third parties. We and/or third parties use this information to (i) enhance the performance and functionality of the Website and Platform; (ii) personalize your experience with the Website and Platform, understand how you use the Website and Platform, maintain a persistent session, and improve and further develop the Website and Platform; and (iii) perform analytics.
The primary Tracking Technologies used on the Website and the Platform are:
Cookies: Cookies are small packets of data that a website stores on your computer's hard drive so that your computer will "remember" information about your visit. In addition to collecting information, we use cookies to help us authenticate users, provide content of interest to you, and analyze which features you use most frequently. To do this, we may use both session cookies, which expire once you close your web browser, and persistent cookies, which stay on your computer until you delete them. For information regarding your choices regarding Cookies, please see Section 4 of this Privacy Policy.
2.6 Information obtained from AWS analytics services
We use AWS (Amazon Web Services) analytics services to evaluate your use of the Website and the Platform, compile reports on activity, and analyze performance metrics. AWS uses cookies and other technologies to help analyze and provide us the data. By accessing the Website and/or the Platform, you consent to the processing of data about you by AWS in the manner and for the purposes set out in this Privacy Policy. All analytics data is processed and stored in compliance with HIPAA requirements when applicable, with appropriate security measures and business associate agreements in place.
3. How We Use and Share the Information
We may use and share your personal information as set forth below:
- To provide the Website and the Platform;
- To solicit your feedback and inform you about our products and services;
- To monitor, support, analyze, and improve the Website and the Platform;
- To communicate with you regarding the Website and the Platform;
- To fulfill your requests for information regarding new or improved products and services;
- To engage in marketing, advertising, and tracking activities, and evaluate the efficacy of our efforts, provided that, where required under applicable law, we will obtain your prior opt-in consent to send electronic marketing communications;
- To engage in research, project planning, troubleshooting problems, and detecting and protecting against error, fraud, or other criminal activity;
- To protect the safety and security of our Website and Platform, businesses and customers;
- To third-party contractors and service providers that provide services to us in the operation of our business and assistance with the Website and the Platform, such as technical support for the Website and the Platform and providing services such as IT and cloud hosting, payment processing, customer relationship management, email marketing, analytics services, and administrative services, among others (with appropriate safeguards in place);
- To fulfill our legal and regulatory requirements;
- To comply with applicable law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- To assess or complete a corporate sale, merger, reorganization, sale of assets, dissolution, investment, or similar corporate event where we expect that your personal information will be part of the transferred assets;
- To audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- To prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft;
- To personalize your experience using the Platform by using your own usage data (we will not use one user's data to personalize another user's experience); and
- Otherwise, with your consent.
We will take reasonable measures (e.g., by contract) to require that any party receiving any of your personal information from us, including for purposes of providing the Website and the Platform, undertakes to: (i) retain and use such information only for the purposes set out in this Privacy Policy; (ii) not disclose your personal information except with your consent, as permitted by applicable law, or as permitted by this Privacy Policy; and (iii) generally protect the privacy of your personal information.
4. Accessing and Modifying Information and Communication Preferences
Update Information: If the personal information we have for you changes, you may correct, update, or delete it by contacting us as set forth in Section 13 of this Privacy Policy. You may correct, update, or delete some of your personal information directly in your account on the Platform. We will use commercially reasonable efforts to process all such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our databases. Additionally, we will retain and use your information (or copies thereof) as necessary to comply with our legal and/or regulatory obligations, resolve disputes, and enforce our agreements.
Marketing Communications: You may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of any of our marketing emails. Please note that you cannot opt out of receiving transactional e-mails.
Cookie Management: Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies or other Tracking Technologies, the Website and the Platform may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
You will need to apply these opt-out settings on each device from which you wish to opt-out. We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.
5. How We Protect the Information
We take commercially reasonable security measures to ensure that your information is treated securely and is protected from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing and the nature of such data, and in compliance with applicable laws and regulations.
For PHI, we implement physical, technical, and administrative safeguards in compliance with HIPAA's Security Rule to protect the confidentiality, integrity, and availability of PHI. We maintain formal HIPAA compliance programs and undergo regular security assessments. These include:
- Encryption of PHI both in transit and at rest
- Role-based access controls
- Regular security risk assessments
- Business associate agreements with all vendors who may have access to PHI
- Regular auditing of system access and changes
- Workforce training on privacy and security policies and procedures
- Secure, HIPAA-compliant AWS infrastructure
Additionally, we provide HIPAA training to our workforce members who may have access to PHI.
Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. In particular, e-mail sent to or from the Website and/or the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail or other electronic means. We do not accept liability for unintentional disclosure of your information.
6. External Sites
The Website and Platform may contain links to external third-party websites ("External Sites"). Chartbrite has no control over the privacy practices or the content of these External Sites. As such, we are not responsible for the content or the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any External Sites.
7. Children
We do not knowingly collect personal information from children under the age of 18 through the Website or Platform. If you are under 18, please do not give us any personal information. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information through the Website and the Platform without their permission. If you have reason to believe that a child under the age of 18 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.
8. Notice to California Residents
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact us via email at support@chartbrite.com.
9. Notice to Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties. You can exercise this right by contacting us at support@chartbrite.com with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.
10. HIPAA and PHI
As a provider of services to healthcare professionals, we may receive, create, maintain, use, or disclose PHI. When we do so, we are subject to HIPAA and its implementing regulations. We will maintain the privacy and security of PHI as required by HIPAA and any applicable Business Associate Agreement.
When you use our Platform to create, receive, maintain, or transmit PHI, we do so as your Business Associate, as that term is defined in HIPAA. As your Business Associate, we will only use or disclose PHI as permitted by the applicable Business Associate Agreement and HIPAA.
In the event of a breach of unsecured PHI, we will notify affected Customers in accordance with HIPAA breach notification requirements, which include:
- Notification without unreasonable delay and in no case later than 60 calendar days after discovery of a breach
- A description of the breach, the types of information involved, and steps individuals should take to protect themselves
- Steps we are taking to investigate the breach, mitigate harm, and prevent future breaches
- Contact procedures for individuals to ask questions or learn additional information
We maintain a formal breach notification policy and procedures in accordance with HIPAA requirements.
11. Data Retention and Deletion
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. For PHI, we will retain it for the period specified in our Business Associate Agreement with you or as required by law, whichever is longer.
You may request deletion of your personal information by contacting us as described in Section 13. Upon termination of your account, we will delete or de-identify your personal information in accordance with our data retention policies and applicable law, except for information that we are required to retain for legal or compliance purposes.
For PHI, upon termination of our services, we will:
- Return or destroy all PHI received from, or created or received on behalf of, our Customers in accordance with the applicable Business Associate Agreement
- Retain no copies of the PHI except as required by law or for compliance purposes
- Apply appropriate safeguards to any PHI that cannot be returned or destroyed
12. Changes to This Privacy Policy
This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time with or without notice to you. Any such changes will be posted on the Website and the Platform. By visiting the Website, and/or accessing and/or using the Platform after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your information is governed by the Privacy Policy in effect at the time we collect the information. Please refer back to this Privacy Policy on a regular basis.