Privacy Policy
The privacy of your data — and it is your data, not ours — is a big deal to us. We know our customers care deeply about privacy and data security. That's why CompanyOn gives customers ownership and control over their content through simple but powerful tools that allow you to access and store your data securely, both in transit and at rest.
Identity and Access
When you sign up for CompanyOn, we ask for your name, phone number, and email address. That's just so we can personalize your new account and send you invoices, updates, and other essential information. We will never sell your personal info to third parties, and we won't use your name or company in marketing statements without your permission.
Billing Information
When you pay for CompanyOn, we ask for your credit card and billing address. That's so we can charge you for service, calculate taxes due, and send you invoices. Your credit card details are passed directly to our payment partner, and we do not store any payment-sensitive information on our servers.
We store a record of the payment transaction for account history, invoicing, and billing support. We store your billing address to print on your invoices, calculate any sales tax due in Canada, and help detect fraudulent credit card transactions.
When We Access or Share Your Information
When you write to CompanyOn with a question or to ask for help, we'll keep that correspondence — and your email address — for future reference. When you browse our marketing pages, we'll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.
The only times we'll ever share your info:
- To provide products or services you've requested, with your permission.
- To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
- If CompanyOn is acquired by or merged with another company — we don't plan on that, but if it happens — we'll notify you well before any info about you is transferred and becomes subject to a different privacy policy.
Geolocation Data
We log all access to all accounts by full IP address so we can always verify no unauthorized access has happened. We keep this login data for as long as your account is active. Web analytics data is also tied temporarily to IP addresses to assist with troubleshooting cases.
Website Interaction
When you browse our marketing pages or applications, your browser automatically shares certain information such as the operating system and browser version you're using. We track that information, along with the pages you visit, page load timing, and which website referred you, for statistical purposes like conversion rates and to test new designs.
Cookies and Do Not Track
We use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your browser. To learn more about cookies, visit www.allaboutcookies.org.
Your Rights With Respect to Your Information
At CompanyOn, we are committed to upholding the highest standards of data privacy for all our customers, regardless of geographical location. We adhere to:
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- The European Union's General Data Protection Regulation (GDPR)
- The California Consumer Privacy Act (CCPA) in the US
- The Health Insurance Portability and Accountability Act (HIPAA)
Our commitment extends to recognizing and respecting all rights conferred by these regulations. These rights encompass a wide range of data protections and freedoms, ensuring your personal information — and that of your clients/patients — is handled with the utmost care and confidentiality.
If you provide any Personally Identifiable Information (PII) such as email addresses or phone numbers, this information is not shared with any third parties.
Canada's Federal Private Sector Privacy Legislation
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces, as supplemented by substantially similar provincial privacy laws in Alberta, British Columbia, and Québec. PIPEDA also applies to international and interprovincial transfers of personal information.
Our customers are responsible for their own PIPEDA compliance. As a customer, you retain full ownership and control over all the information collected, entered, created, or otherwise provided by you and your users while using our Services. Depending on your geographical location and the specific privacy laws that apply to you, you may be classified as a 'health information custodian,' a 'covered entity,' or a 'controller.'
You have complete authority to make key decisions regarding your Data, ensuring compliance with applicable laws and regulatory requirements. These decisions include:
- The types of Subscriber Data to collect
- The intended use of the Subscriber Data
- Determining which practitioners and staff members are granted access to the Subscriber Data
- Establishing the duration for storing the Subscriber Data
- Deciding the criteria for the deletion of Subscriber Data
HIPAA: A Simplified Overview
At CompanyOn, we understand how crucial it is to keep your patients' health information safe and secure. Our practice management software is designed to meet the stringent requirements of the Health Insurance Portability and Accountability Act (HIPAA). Here's how we ensure your data remains protected and compliant:
- Secure Data Handling: Our software employs advanced encryption technology to protect your data both while stored and during transmission. Your patient information is safeguarded against unauthorized access at all times.
- Regular Updates and Monitoring: We constantly update our system to stay ahead of potential cyber threats. Our team monitors the system around the clock to detect and address security concerns promptly.
- Privacy-First Approach: We adhere to HIPAA's Privacy Rule by providing processes that ensure patient health information is only shared with authorized individuals.
- Controlled Access: Our support team can access your account data only when you explicitly seek our help. Every employee is legally bound by confidentiality agreements. Access to detailed charts is restricted to senior managers, ensuring your medical data remains protected.
- Patient Rights Compliance: Our software makes it easy for your patients to access their health records, in line with HIPAA's patient rights guidelines. If they request amendments, you can make changes with no restrictions.
- Comprehensive Audit Trails: CompanyOn keeps detailed logs of all activities involving patient health information for transparent record-keeping and accountability.
- Training and Support: We provide comprehensive training materials to our support team to help them understand and implement HIPAA compliance best practices.
- Breach Response Plan: In the unlikely event of a data breach, CompanyOn has a robust response plan in place to minimize impact and comply with HIPAA's Breach Notification Rule.
Can our customers use CompanyOn and comply with HIPAA?
Our customers have control over the data they access and store within our platform. CompanyOn provides the tools through our processes, servers, and cloud security to assist customers in achieving security and compliance subject to HIPAA regulations.
If you're covered by HIPAA, we're ready to collaborate. Simply reach out to [email protected], and we'll promptly initiate the process to establish a Business Associate Agreement (BAA) tailored to your needs.
Processors We Use
As part of the services we provide, and only to the extent necessary, we may use certain third-party processors to process some or all of your personal information.
Credit card information, processing, and security are implemented using our third-party payment gateway's security measures in all transactions. Credit card details are NOT stored within our servers — they are stored securely by our third-party payment gateway, Stripe.
Please see Stripe's Terms of Use to learn more.
Law Enforcement
Conceptualshift Inc., the parent company of CompanyOn, won't hand your data over to law enforcement unless a court order requires us to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we're legally prevented from it, we'll always inform you when such requests are made.
Security and Encryption
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. For more details on how we keep your information secure, please review our Security Overview.
Deleted Data
When you cancel your account, we'll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it's active will also be purged within 30 days (up until then, it's available as inactive, or what we call the "trash can").
Location of Site and Data
This Site is operated in Canada. If you are located in the European Union or elsewhere outside of Canada, please be aware that any information you provide to us will be transferred to Canada. By using our Site, participating in any of our services, or providing us with your information, you consent to this transfer.
Changes & Questions
CompanyOn may update this policy occasionally — we'll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change, or delete your personal information at any time through the Service or by contacting us at [email protected].
Questions about this policy?
We're happy to help. Reach out anytime at [email protected]