Privacy Policy

Effective Date

February 8, 2026

Overview

HealthOS ("we", "our", "us") provides software for healthcare operations and clinical workflows. This Privacy Policy explains what information we collect, how we use it, and the choices available to our customers and users.

Information We Collect

  • Account and profile data: name, email, role, organization membership, authentication identifiers.
  • Operational data: configuration, workflow events, audit logs, usage telemetry, and support interactions.
  • Healthcare-related data processed on behalf of customers: patient, scheduling, billing, and communications data that customers choose to store or transmit through HealthOS.
  • Device and technical data: IP address, browser or device metadata, and security diagnostics.

How We Use Information

  • Provide and maintain the platform.
  • Authenticate users and enforce access controls.
  • Support customer workflows, integrations, notifications, and reporting.
  • Monitor reliability, troubleshoot incidents, and improve product quality.
  • Detect fraud, abuse, unauthorized access, and other security risks.
  • Comply with legal obligations and contractual commitments.

Healthcare Data and HIPAA

Where applicable, HealthOS acts as a business associate and processes protected health information (PHI) according to customer instructions and applicable law, including HIPAA. Processing of PHI is governed by the applicable agreement, including a Business Associate Agreement (BAA), where required.

Legal Bases (Where Applicable)

Depending on jurisdiction, we process personal data based on contractual necessity, legitimate interests, legal obligations, consent, or other lawful grounds.

Sharing of Information

We share data only as needed to deliver services or comply with law:

  • Service providers and subprocessors that support infrastructure, storage, messaging, analytics, and support.
  • Customer-directed integrations and third-party services enabled by the customer.
  • Legal authorities when required by law, regulation, or valid legal process.
  • In a merger, acquisition, or asset transfer, subject to applicable safeguards.

We do not sell personal information.

Data Retention

We retain information for as long as needed to provide services, satisfy contractual requirements, resolve disputes, enforce agreements, and comply with legal obligations. Customers control retention settings for most tenant data.

Security

We use administrative, technical, and physical safeguards designed to protect information, including access controls, encryption in transit, auditing, and monitoring. No system is fully immune to risk, and customers remain responsible for secure user management in their own tenant.

International Data Transfers

Data may be processed in countries other than where users reside. Where required, we apply appropriate safeguards for cross-border transfers.

Your Choices and Rights

Depending on jurisdiction, individuals may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. Requests can be directed to the contact below. For tenant-managed data, we may refer requests to the relevant customer organization.

Children's Privacy

HealthOS is not directed to children under 13. We do not knowingly collect personal information directly from children under 13 outside of customer-directed healthcare workflows.

Changes to This Policy

We may update this Privacy Policy periodically. Material updates will be reflected by updating the effective date and, where required, providing additional notice.

Contact

For privacy questions or requests, contact: privacy@healthos.app