Privacy Policy

Last updated: March 29, 2026

1. Introduction

Simple Patient Records ("SPR," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our patient management and electronic health records platform.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you register for an account, we collect:

  • Name and email address
  • Practice/organization name
  • Phone number (optional)
  • Billing information (processed by Stripe)

Patient Health Information (PHI)

As a healthcare platform, you may store Protected Health Information including:

  • Patient demographics and contact information
  • Medical records and clinical notes
  • Appointment history
  • Insurance information
  • Documents and electronic signatures

Usage Information

We automatically collect certain information when you use our Service, including IP address, browser type, pages visited, and timestamps. This helps us improve our Service and maintain security.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process transactions and send related information
  • Send administrative communications (updates, security alerts)
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, investigate, and prevent security incidents
  • Comply with legal obligations

4. HIPAA Compliance

Simple Patient Records is designed to be HIPAA compliant. We implement appropriate administrative, technical, and physical safeguards to protect PHI, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Comprehensive audit logging of all data access
  • Multi-tenant data isolation
  • Regular security assessments
  • Business Associate Agreements (BAA) available upon request

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only:

  • With service providers: Third-party vendors who help us operate our Service (e.g., Stripe for payments, Clerk for authentication, cloud hosting providers)
  • For legal compliance: When required by law, court order, or government request
  • To protect rights: When necessary to protect our rights, safety, or property
  • With consent: With your explicit consent for any other purpose

6. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data transmission
  • Encrypted database storage
  • Regular security audits and vulnerability testing
  • Employee access controls and training
  • Incident response procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide our Service. Healthcare records are retained in accordance with applicable regulations. You may request deletion of your account, but certain data may be retained as required by law or for legitimate business purposes.

8. Your Rights

You have the right to:

  • Access and receive a copy of your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal requirements)
  • Export your data in a portable format
  • Opt out of marketing communications

To exercise these rights, contact us at privacy@simplepatientrecords.com.

9. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. You can configure your browser to refuse cookies, but this may affect functionality.

10. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@simplepatientrecords.com

Address: Simple Patient Records