Privacy Policy
The privacy of your data — and it is your data, not ours! — is a big deal to us. We know our customers care deeply about privacy and data security. That’s why CompanyOn gives customers ownership and control over their content through simple but powerful tools that allow customers to securely access and store their data, in transit or at rest.
Identity and Access
When you sign up for CompanyOn, we ask for your name, your phone, and email address. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We will never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.
Billing Information
When you pay for CompanyOn, we ask for your credit card and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment partner, and we do not store any sensitive payment information on our servers. We store a record of the payment transaction for account history, invoicing, and billing support. We store your billing address to print on your invoices, to calculate any sales tax due in Canada, and to detect fraudulent credit card transactions.
When we access or share your information
When you write CompanyOn with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we’ll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.
The only times we’ll ever share your info:
- To provide products or services you’ve requested, with your permission. List of third-party services we use.
- To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
- If CompanyOn is acquired by or merged with another company — we don’t plan on that, but if it happens — we’ll notify you well before any info about you is transferred and becomes subject to a different privacy policy.
Geolocation Data
We log all access to all accounts by full IP address so that we can always verify no unauthorized access has happened. We keep this login data for as long as your product account is active.
Web analytics data — described further in the Website Interaction section — are also tied temporarily to IP addresses to assist with troubleshooting cases.
Website Interaction
When you browse our marketing pages or applications, your browser automatically shares certain information, such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, page load timing, and which website referred you, for statistical purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help inform some design decisions. These web analytics data are tied to your IP address and, if applicable and you are signed into our Services, to your user account.
Cookies and Do not Track
We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit: www.allaboutcookies.org.
Your Rights With Respect to Your Information
At CompanyOn, we are committed to upholding the highest standards of data privacy for all our customers, irrespective of their geographical location. In line with some of the most progressive privacy regulations worldwide, we adhere to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) in the US, and the Health Insurance Portability and Accountability Act (HIPAA). Our commitment extends to recognizing and respecting all the rights conferred by these regulations, within the bounds of applicable law. These rights encompass a wide range of data protections and freedoms, ensuring that your personal information and that of your clients/patients is handled with the utmost care and confidentiality. Additionally, if you provide any Personally Identifiable Information (PII), such as email addresses or phone numbers, this information is not shared with any third parties.
Canada’s Federal Private Sector Privacy Legislation
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces as supplemented by substantially similar provincial privacy laws in Alberta, British Columbia and Québec. PIPEDA also applies to international and interprovincial transfers of personal information. Our customers are responsible for their own PIPEDA compliance.
At CompanyOn, we recognize and respect the autonomy of each customer in managing their patient data. As a customer, you retain full ownership and control over all the information that is collected, entered, created, or otherwise provided by you and your users while using our Services. Depending on your geographical location and the specific privacy laws that apply to you, you may be classified as a ‘health information custodian,’ a ‘covered entity,’ or a ‘controller.’
As a customer, you have the complete authority to make key decisions regarding your Data, ensuring compliance with applicable laws and regulatory requirements. These decisions include:
- The types of Subscriber Data to collect.
- The intended use of the Subscriber Data.
- Determining which practitioners and staff members are granted access to the Subscriber Data.
- Establishing the duration for storing the Subscriber Data.
- Deciding the criteria for the deletion of Subscriber Data.
We are committed to supporting you in these responsibilities, ensuring that your data management aligns with legal and ethical standards.
Can our customers use CompanyOn and comply with PIPEDA laws?
Our customers have control over the data they access and store within our platform. CompanyOn provides the tools through our features, our servers and cloud security to assist our customers in achieving the security and compliance subject to the PIPEDA regulations.
For more information on using CompanyOn under PIPEDA we encourage you to reach out to your privacy counsel.
Health Insurance Portability and Accountability Act (HIPAA): A Simplified Overview
At CompanyOn, we understand how crucial it is to keep your patients’ health information safe and secure. That’s why our Practice Management Software is designed to meet the stringent requirements of the Health Insurance Portability and Accountability Act (HIPAA). Here’s how we ensure your data remains protected and compliant:
1. Secure Data Handling:
Our software employs advanced encryption technology to protect your data both while it’s stored and during any transmission. This means your patient information is safeguarded against unauthorized access at all times.
2. Regular Updates and Monitoring:
We constantly update our system to stay ahead of potential cyber threats. Our team monitors the system around the clock to detect and address any security concerns promptly.
3. Privacy-First Approach:
CompanyOn is designed with your privacy in mind. We adhere to HIPAA’s Privacy Rule by providing processes that ensure patient health information is only shared with authorized individuals.
4. Controlled Access:
Our support team is equipped to access your account data, but this is strictly limited to instances where you explicitly seek our help. To protect your privacy, every employee is legally bound by robust confidentiality agreements, emphasizing their responsibility in handling sensitive information with utmost care. Access to detailed charts is restricted solely to our senior managers, ensuring that your medical data remains inaccessible to other support staff. Furthermore, we implement rigorous training for all employees, reinforcing their commitment to meticulously uphold our privacy policies.
5. Patient Rights Compliance:
Our software makes it easy for your patients to access their health records, in line with HIPAA’s patient rights guidelines. If they request amendments to their information, you can make changes with no restrictions.
6. Comprehensive Audit Trails:
CompanyOn keeps detailed logs of all activities involving patient health information. This helps in maintaining a transparent record for audits and ensuring accountability.
7. Training and Support:
We provide comprehensive training materials to our support team to help them understand and implement best practices for HIPAA compliance.
8. Breach Response Plan:
In the unlikely event of a data breach, CompanyOn has a robust response plan in place to minimize any potential impact and comply with HIPAA’s Breach Notification Rule.
Our commitment to HIPAA compliance is part of our promise to you. With CompanyOn, you can focus on providing excellent care to your patients, knowing that their data is secure and handled in full compliance with HIPAA regulations.
Can our customers use CompanyOn and comply with HIPAA’s laws?
Our customers have control over the data they access and store within our platform. CompanyOn provides the tools through our processes, our servers and cloud security to assist our customers in achieving the security and compliance subject to the HIPAA regulations.
As our valued customer, if you’re covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we’re more than ready to collaborate with you. Simply reach out to us, and we’ll promptly initiate the process to establish a Business Associate Agreement (BAA) tailored to your needs. To request a copy of our BAA, please don’t hesitate to contact us. We’re here to assist and ensure your compliance needs are met with the utmost efficiency and care.
This content serves as an informational guide only and does not constitute an official legal interpretation of the law. It is not binding on the Office for Civil Rights within the U.S. Department of Health and Human Services. Importantly, this information is not designed to, and should not, substitute for formal legal advice from a qualified professional.
Processors We Use
As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information.
Credit card information, processing and security are handled using our third-party payment gateway’s security measures in all transactions. Credit card details are NOT stored within our servers; they are stored securely by the third-party payment gateway used by the Service for payment processing. Please see Stripe’s terms of use to learn more.
Law Enforcement
Conceptualshift Inc., the parent company of CompanyOn, won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made.
Security and Encryption
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted.
For more information about how we keep your information secure, please review our security overview.
Deleted Data
When you cancel your account, we’ll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it’s active will also be purged within 30 days (up until then it’s available as inactive or, as we call it, in the trash can).
Location of Site and Data
This Site is operated in Canada. If you are located in the European Union or elsewhere outside of Canada, please be aware that any information you provide to us will be transferred to Canada. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.
Changes & questions
CompanyOn may update this policy once in a while—we’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time through the Service or by contacting us.
Questions about this policy? Get in touch and we’ll be happy to answer them!
This content is licensed under a Creative Commons Attribution 4.0 International License. By basecamp.