Privacy Policy

1. Information We Collect

We may collect account, company, training, assessment, document, incident, complaint, audit, and technical usage information needed to operate the service.

• Account details such as name, email address, role, and login activity
• Company records, contacts, subscription data, and compliance program details
• Documents, uploaded files, scan artifacts, remediation records, and workflow history
• System logs, browser metadata, IP addresses, and security telemetry

2. How We Use Information

We use information to provide, secure, maintain, support, and improve the platform, including:

• user authentication, company administration, and access control
• training reminders, alerts, system notices, and workflow email delivery
• risk scoring, reporting, remediation tracking, and document management
• security monitoring, troubleshooting, backup, and fraud or abuse prevention

3. HIPAA-Related Handling

Depending on how a customer uses the platform, information stored in the service may include regulated health information or related security data. Where applicable, the handling of such data is governed by the customer’s service arrangement and any executed business associate agreement.

This Privacy Policy describes platform-level practices. It is not a substitute for a covered entity’s own Notice of Privacy Practices required under HIPAA. Customers remain responsible for their own HIPAA notices, permissions, disclosures, and regulatory decisions.

4. Sharing and Disclosure

We do not sell personal information. We may disclose information as necessary to:

• provide the service to the subscribing customer
• work with hosting, email, infrastructure, and support providers acting on our behalf
• comply with law, regulation, court order, or valid legal process
• protect the security, rights, property, or safety of customers, users, or the public

5. Security Safeguards

We use safeguards designed to protect information at rest and in transit, limit access, maintain audit trails, and support secure administration. No method of storage or transmission is perfectly secure, and customers should also maintain strong internal controls and workforce training.

6. Retention

We retain information for as long as needed to provide the service, meet contractual and legal obligations, maintain security and audit records, resolve disputes, and enforce agreements. Retention may vary by data type, customer instructions, and applicable law.

7. User Choices and Customer Control

Customers control their workforce users, company records, and most content stored in the platform. Users may need to contact their employer or company administrator for access, correction, export, retention, or deletion requests related to company-managed information.

8. Contact

HIPAA Security Suite® by Acentec, Inc.
17853 Santiago Blvd., #107-293
Villa Park, California 92861
info@hipaasecuritysuite.com | 949-474-7774