Privacy Policy
Effective Date: 5/1/2025
1. Introduction: Codeguru LLC dba CodePilot (“we,” “our,” or “us”) is committed to protecting the privacy and security of Protected Health Information (PHI), Personal Identifiable Information (PII), and other personal and technical data entrusted to us. This Privacy Policy outlines how we collect, use, disclose, and protect information in connection with our software-as-a-service (SaaS) offerings designed to support healthcare providers, Skilled Nursing Facilities (SNFs), and related organizations with documentation, compliance, administrative, and operational workflows. This Privacy Policy complies with applicable data protection laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and, where applicable, state privacy laws such as the California Consumer Privacy Act (CCPA).
2. Information We Collect: We may collect and process the following types of information:
Personal Identifiable Information (PII): Names, addresses, phone numbers, email addresses, dates of birth, and other identifiers.
Protected Health Information (PHI): Medical histories, diagnoses, treatment records, clinician notes, and other health-related data provided by or on behalf of clients.
Account Information: User names, login credentials, role-based permissions, and metadata related to authentication and session activity.
Client-Submitted Data: Information uploaded by authorized users (e.g., Skilled Nursing Facilities or clinicians) on behalf of patients, staff, or other individuals.
Technical Data: IP addresses, browser and device types, operating system data, and usage patterns collected via cookies and other tracking technologies.
3. How We Use Information: We use the collected information for the following purposes:
To provide, operate, and enhance our software services and related tools tailored to the healthcare and Skilled Nursing Facility sectors.
To support documentation workflows, administrative processes, and data analysis related to clinical, operational, or compliance objectives.
To process information using automation or artificial intelligence where applicable, including support for decision-making or reporting.
To comply with applicable privacy, security, and healthcare regulations (e.g., HIPAA).
To communicate with clients, manage accounts, and respond to inquiries.
To maintain audit trails, enforce access controls, and ensure data integrity.
To improve our services through aggregated or de-identified data analysis, provided it does not identify any individual.
4. Disclosure of Information: We do not sell or rent personal or health information to third parties. However, we may disclose information as follows:
Authorized Personnel: Employees, contractors, or affiliates who require access to perform their job functions and are bound by confidentiality and security obligations.
Service Providers and Business Associates: Third-party vendors who assist in our operations (e.g., hosting, analytics, support). Where applicable, such vendors operate under HIPAA-compliant Business Associate Agreements (BAAs).
Legal Requirements: When required by law, such as in response to subpoenas, court orders, or government investigations.
Infrastructure and Technology Partners: We may use secure third-party infrastructure providers to host, store, or process data while maintaining full responsibility for compliance and security.
5. Data Security: We maintain administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your data, including:
Encryption of data both in transit and at rest.
Access controls, multifactor authentication, and role-based permissions.
Security testing, code reviews, and vulnerability scanning.
Employee and contractor training on security and privacy practices.
Periodic HIPAA-aligned risk assessments and internal audits.
6. Data Retention: We retain personal and health-related information only as long as necessary to:
Fulfill the purposes described in this Privacy Policy;
Comply with contractual or legal requirements;
Resolve disputes and enforce agreements.
Upon termination of services, client data will be retained for up to [Insert Timeframe, e.g., 90 days], after which it will be securely deleted or de-identified, unless otherwise required by law.
7. Your Rights: Depending on your jurisdiction and role, you may have rights to:
Access, correct, or delete personal information we maintain.
Receive an accounting of disclosures under HIPAA.
Restrict or object to certain types of processing.
Withdraw consent, where applicable.
Designate an authorized representative to act on your behalf.
Requests may be subject to identity verification and legal exceptions. Contact us using the information in Section 10 to exercise your rights.
8. Cookies and Tracking Technologies: We may use cookies, web beacons, and similar technologies to:
Analyze usage trends and improve functionality;
Maintain session authentication and preferences;
Enhance system performance and support.
You can manage cookie settings through your browser. For more information, refer to our Cookie Policy if available.
9. Changes to This Policy: We may revise this Privacy Policy periodically. Updates will be posted on our website with the “Effective Date.” Where appropriate, we will notify you through email or in-application alerts. Your continued use of the services after changes indicates your acceptance of the updated policy.
10. Contact Us: If you have questions or concerns about this Privacy Policy or how we handle personal data, please contact: CodeGuru LLC dba CodePilot, Attn: Privacy Officer, 4545 W 131st Ter, Leawood, KS 66209, help@flycodepilot.com