Privacy Policy

We use collected information solely for legitimate business purposes:

• Service Delivery: Conducting risk assessments, security planning, and ongoing support
• Communication: Providing updates, reports, and responding to inquiries
• Compliance: Meeting regulatory requirements including HIPAA, NIST, and FDA guidelines
• Quality Improvement: Enhancing our methodologies and service offerings
• Legal Obligations: Complying with applicable laws and regulations

We implement comprehensive security controls to protect your information:

• Encryption: All data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and secure VPN connections
• Physical Security: Secure facilities with controlled access and monitoring
• Regular Audits: Continuous monitoring and third-party security assessments
• Incident Response: 24/7 monitoring with rapid response procedures

We do not sell, rent, or share your information except in these limited circumstances:

• With Your Consent: When you explicitly authorize information sharing
• Service Providers: Trusted partners who assist in service delivery (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In the event of a merger or acquisition (with continued privacy protections)

We retain information only as long as necessary:

• Assessment Data: Retained for 7 years or as required by healthcare regulations
• Contact Information: Maintained while business relationship exists
• Legal Hold: Extended retention when required for legal proceedings
• Secure Disposal: All data is securely destroyed when retention period expires

You have the following rights regarding your personal information:

• Access: Request copies of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request transfer of your data to another organization
• Restriction: Request limitation of processing activities
• Objection: Object to certain types of data processing

Our website uses minimal tracking technologies:

• Essential Cookies: Required for website functionality
• Analytics: Anonymous usage statistics to improve our services
• No Third-Party Tracking: We do not use advertising or social media tracking
• Cookie Control: You can disable cookies through your browser settings

All data processing occurs within secure, HIPAA-compliant facilities. If international transfers are necessary, we ensure:

• Adequate protection through approved transfer mechanisms
• Contractual safeguards with international partners
• Compliance with applicable data protection laws
• Client notification and consent when required