Privacy Policy

Platinum Health Systems, Inc. ("Platinum," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our chiropractic practice management platform, website, and related services (collectively, the "Services").

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide to us, including:

• Account registration details (name, email, phone number, practice name)
• Billing and payment information (credit card numbers, billing address)
• Practice information (NPI number, tax ID, practice address)
• Communications you send to us (support tickets, emails, chat messages)
• Content you upload to the platform (documents, images, notes)

1.2 Protected Health Information (PHI)

Through your use of our EHR and practice management features, you may enter Protected Health Information as defined by HIPAA. This includes patient names, dates of birth, diagnoses, treatment records, insurance information, and other health-related data. Our handling of PHI is governed by our Business Associate Agreement (BAA) and applicable HIPAA regulations.

1.3 Automatically Collected Information

When you access our Services, we automatically collect:

• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed, referring URL)
• Usage data (features used, click patterns, session duration)
• Location data (general geographic location based on IP address)

2. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and send related information (confirmations, invoices)
• Send technical notices, updates, security alerts, and administrative messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities to improve user experience
• Detect, investigate, and prevent fraudulent transactions and unauthorized access
• Personalize and improve your experience with the platform
• Comply with legal obligations and enforce our terms of service

3. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: Third-party vendors who perform services on our behalf (hosting, payment processing, analytics, customer support) under strict confidentiality agreements.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as a business asset.
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights or the safety of others.
• With Your Consent: We may share information with third parties when you give us explicit permission to do so.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Multi-factor authentication (MFA) for account access
• Regular security audits and penetration testing
• Role-based access controls and principle of least privilege
• Automated threat detection and intrusion prevention systems
• SOC 2 Type II certified infrastructure

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. HIPAA Compliance

Platinum operates as a Business Associate under HIPAA. We maintain compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. Key provisions include:

• We execute Business Associate Agreements (BAAs) with all covered entity clients
• PHI is encrypted at rest and in transit using HIPAA-compliant standards
• Access to PHI is logged, monitored, and restricted to authorized personnel
• We maintain a comprehensive incident response and breach notification plan
• All employees undergo annual HIPAA training and certification
• Regular risk assessments are conducted in accordance with HIPAA requirements

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your activity on our Services. Types of cookies we use:

• Essential Cookies: Required for the platform to function properly (authentication, security, session management).
• Analytics Cookies: Help us understand how visitors interact with our website to improve performance and user experience.
• Functional Cookies: Remember your preferences and settings (language, display preferences).
• Marketing Cookies: Used to deliver relevant advertisements and track marketing campaign effectiveness.

You can control cookie preferences through your browser settings. Disabling certain cookies may limit your ability to use some features of our Services.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal retention requirements.
• Portability: Request a machine-readable copy of your data.
• Opt-Out: Unsubscribe from marketing communications at any time.
• Restriction: Request that we limit the processing of your personal information.

To exercise any of these rights, please contact us at privacy@platinumsystem.com. We will respond to your request within 30 days.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. After account termination, we retain data as follows:

• Account Data: Deleted within 90 days of account closure, unless retention is required by law.
• PHI: Retained in accordance with HIPAA requirements and applicable state medical record retention laws (typically 7-10 years).
• Billing Records: Retained for 7 years for tax and regulatory compliance.
• Usage Logs: Retained for up to 2 years for security and analytics purposes.

9. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on this page with a revised "Last Updated" date
• Notify you via email or through an in-app notification
• Obtain your consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: