Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your information.

Last Updated: November 30, 2025

Compliantly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare compliance monitoring platform and related services (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

Account Information

  • Name and email address
  • Company/organization name
  • Billing information (processed securely through Stripe)
  • Password (stored in encrypted form)

Domain Information

  • Domain names you register for monitoring
  • Website URLs and configurations
  • Monitoring preferences and settings

Communications

  • Support requests and correspondence
  • Feedback and suggestions
  • Survey responses

1.2 Information Collected Automatically

Usage Data

  • Log data (IP addresses, browser type, pages visited)
  • Device information (operating system, device type)
  • Access times and dates
  • Features used and actions taken within the Service

Monitoring Data

When monitoring your websites, we collect:

  • Website availability status and response times
  • SSL certificate information
  • DNS records
  • Security header configurations
  • CMS compliance file contents (cms-hpt.txt, MRF files)
  • Third-party scripts detected on your websites
  • SEO metadata and page structure information

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyze usage patterns
  • Improve the Service

You can control cookies through your browser settings, but disabling cookies may limit your use of certain features.

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Providing the Service

  • Monitoring your websites for compliance issues
  • Generating compliance reports and alerts
  • Processing payments and managing subscriptions
  • Providing customer support

2.2 Improving the Service

  • Analyzing usage patterns to improve features
  • Developing new features and functionality
  • Troubleshooting technical issues
  • Conducting research and analysis

2.3 Communications

  • Sending compliance alerts and notifications
  • Providing service updates and announcements
  • Responding to your requests and inquiries
  • Sending marketing communications (with your consent)

2.4 Security and Legal Compliance

  • Detecting and preventing fraud
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Protecting our rights and property

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We work with third-party service providers who assist us in operating the Service:

Provider          Purpose                 Data Shared
Stripe            Payment processing      Billing information
Email services    Transactional emails    Email address, name
Cloud hosting     Infrastructure          All service data (encrypted)
Analytics         Usage analysis          Anonymized usage data

3.2 Legal Requirements

We may disclose information when required to:

  • Comply with applicable laws or regulations
  • Respond to valid legal process (subpoenas, court orders)
  • Protect the rights and safety of users and third parties
  • Enforce our Terms of Service

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

3.4 With Your Consent

We may share information for other purposes with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Secure development practices

Organizational Safeguards

  • Employee access limited to need-to-know basis
  • Security awareness training
  • Incident response procedures
  • Regular security reviews

Important Note: While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Meet our legitimate business needs

Retention Periods

Data Type                 Retention Period
Account information       Duration of account + 90 days
Monitoring data           Based on subscription tier (90-365 days)
Billing records           7 years (legal requirement)
Support communications    3 years
Usage logs                12 months

Upon account termination, we will delete or anonymize your personal information within 90 days, unless retention is required by law.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Request a copy of your data in a portable format
  • Review and update your account information

6.2 Correction and Deletion

You have the right to:

  • Correct inaccurate personal information
  • Request deletion of your personal information
  • Delete your account at any time

6.3 Marketing Communications

You can opt out of marketing communications by:

  • Clicking "unsubscribe" in any marketing email
  • Updating your notification preferences in account settings
  • Contacting us directly

6.4 Do Not Track

We currently do not respond to "Do Not Track" browser signals.

7. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your country.

8. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Right to Opt-Out: You have the right to opt out of the "sale" of personal information. We do not sell personal information.

To exercise these rights, contact us at [email protected].

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal data based on:

  • Your consent (which you can withdraw at any time)
  • Performance of our contract with you
  • Our legitimate business interests
  • Compliance with legal obligations

Additional Rights

  • Right to access and rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

11. Healthcare-Specific Considerations

11.1 HIPAA Notice

Compliantly is a compliance monitoring tool and does not store, process, or transmit Protected Health Information (PHI) as defined under HIPAA. Our Service monitors publicly accessible website content and technical configurations.

11.2 Website Monitoring

When we monitor your healthcare websites, we only access:

  • Publicly available pages
  • Technical configurations (headers, certificates)
  • Compliance files (cms-hpt.txt, machine-readable files)

We do not access password-protected areas, patient portals, or any systems containing PHI.

11.3 Third-Party Scripts

Our HIPAA script monitoring identifies third-party scripts present on your websites. We analyze script sources and configurations but do not intercept or collect any data transmitted by these scripts.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on our website
  • Update the "Last Updated" date at the top
  • Notify you by email if required by law

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Compliantly
Email: [email protected]
Website: https://compliantly.health

Data Protection Inquiries

For GDPR or CCPA-related requests, please email: [email protected]

Response Time: We will respond to your inquiry within 30 days, or sooner as required by applicable law.
This Privacy Policy is effective as of the "Last Updated" date above. Your continued use of Compliantly constitutes acceptance of this Privacy Policy.