Privacy Policy

Account information: name, email address, organization information, role, authentication data, subscription status, and related account settings.

Service data: information you enter, upload, generate, review, or save while using the Service, including processed spreadsheet data and operational records needed to provide the product.

Usage and security data: log data, device and browser information, IP address, pages visited, feature activity, audit logs, authentication events, error data, and similar information used to operate, secure, debug, and improve the Service.

Payment data: subscription and billing status from Stripe or another payment processor. We do not store full payment-card numbers.

Where desktop tooling is used, source documents should be processed locally before upload. The web Service is intended to receive only the expected processed spreadsheet output, not raw patient charts, source records, images, encounter notes, or other unnecessary protected health information.

The Service may validate uploaded files, reject unsafe or unexpected rows, extract structured values, store the resulting structured data, and avoid storing raw uploaded files when feasible. Users remain responsible for reviewing uploads and ensuring they are appropriate for the Service.

We use information to provide, maintain, secure, personalize, debug, and improve the Service; manage accounts and subscriptions; respond to support requests; maintain audit logs; prevent abuse; comply with legal obligations; and develop product features.

We may create aggregated or de-identified information for analytics, security, product improvement, and business planning. We do not use submitted practice data to sell personal information.

We use trusted third-party providers to operate the Service, including hosting, authentication, database, storage, analytics, email, and payment-processing providers. Current providers may include Vercel, Supabase, and Stripe.

These providers may process information on our behalf as necessary to deliver their services. We do not authorize them to use your information for their own unrelated purposes except as permitted by their agreements and applicable law.

We may disclose information when required by law, to protect rights and safety, to investigate abuse or security incidents, to enforce our terms, with your direction or consent, or in connection with a merger, financing, acquisition, reorganization, or sale of assets.

We do not sell personal information. We do not intentionally disclose protected health information except as needed to provide the Service, comply with law, protect the Service, or as otherwise directed by an authorized user.

We retain information for as long as reasonably necessary to provide the Service, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, preserve security logs, and support legitimate business purposes.

Retention periods may vary by data type. For example, account and billing records may be retained while an account is active and for a reasonable period afterward; security and audit logs may be retained longer where appropriate for compliance and operational integrity.

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, authentication, encrypted transport, validation controls, and security logging. No system is perfectly secure, and we cannot guarantee absolute security.

You are responsible for using strong credentials, limiting account access to authorized users, reviewing files before upload, and promptly notifying us of suspected unauthorized access or security concerns.

We use cookies and similar technologies for authentication, session management, security, preference storage, and Service functionality. Disabling cookies may prevent parts of the Service from working properly.

Depending on your location and applicable law, you may have rights to access, correct, delete, export, or restrict certain personal information. To make a request, contact us using the email below.

We may need to verify your identity and authority before fulfilling a request. Some information may be retained where necessary for security, legal compliance, billing records, dispute resolution, or legitimate business purposes.

The Service is intended for business users and is not directed to children under 13. We do not knowingly collect personal information from children under 13.

The Service is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States or other locations where our service providers operate.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date. Continued use of the Service after an update means you acknowledge the updated Policy.