Privacy Policy

Last updated: March 19, 2026

ComplyMD ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our HIPAA compliance software and website at www.complymd.ai.

1. Information We Collect

We collect information you provide directly to us, including:

• Account information: Name, email address, practice name, and role when you create an account.
• Assessment data: Responses to HIPAA compliance assessment questions about your practice's policies, procedures, and technical safeguards.
• Payment information: Billing details processed securely through Stripe. We do not store credit card numbers.
• Communications: Emails or messages you send to us.

2. Information We Do NOT Collect

• Protected Health Information (PHI): ComplyMD does not collect, store, or process patient health data. Our assessment questions are about your practice's compliance posture, not about individual patients.
• Patient records: We never ask for or access patient records, medical charts, or clinical data.

3. How We Use Your Information

• To provide and maintain our HIPAA compliance software
• To generate your custom policy documents and risk assessment reports
• To send you compliance alerts, product updates, and support communications
• To process payments and manage your subscription
• To improve our software and develop new features

4. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted at rest and in transit (AES-256 / TLS 1.3)
• Access controls and audit logging on all systems
• Infrastructure hosted on HIPAA-compliant platforms with signed Business Associate Agreements
• Regular security assessments and monitoring

5. Data Sharing

We do not sell your data. We share information only with:

• Service providers: Infrastructure and payment providers who have signed appropriate agreements (e.g., Stripe, Railway, Vercel, Clerk).
• Legal requirements: When required by law or to protect our legal rights.

6. Your Rights

You have the right to:

• Access and download your assessment data
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Opt out of marketing communications at any time

7. Data Retention

We retain your account data for as long as your account is active. Assessment data and generated documents are retained for the duration of your subscription plus 90 days. You may request deletion at any time by contacting us.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website.

9. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@complymd.ai
Website: www.complymd.ai