Privacy Policy
Effective Date: April 1, 2026
OBGYNBillingPro (“we,” “our,” or “us”) is committed to protecting the privacy of our clients, website visitors, and the patients whose data we process on behalf of OB/GYN practices. This policy describes how we collect, use, and protect personal and health information.
1. Information We Collect
We collect the following categories of information:
• Contact information: name, email address, phone number, practice name, and practice size when you submit a form or create an account.
• Usage data: pages visited, time on site, referring URL, browser type, and IP address through analytics tools.
• Protected Health Information (PHI): billing data, claim information, and related documents you upload through the secure client portal. PHI is handled under a separate Business Associate Agreement (BAA) in accordance with HIPAA.
• Communications: messages you send through our contact forms or portal messaging system.
2. How We Use Your Information
We use collected information to:
• Provide OB/GYN medical billing and revenue cycle management services.
• Respond to inquiries and schedule consultations.
• Send transactional emails related to your account or service delivery.
• Improve our website and services based on usage analytics.
• Comply with legal obligations, including HIPAA and applicable state regulations.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. HIPAA Compliance & PHI Handling
OBGYNBillingPro is a Business Associate under HIPAA. We handle Protected Health Information (PHI) only as described in our Business Associate Agreement (BAA), which is required before any PHI is shared with us.
PHI is:
• Encrypted at rest using AES-256 (AWS KMS).
• Encrypted in transit using TLS 1.3+.
• Accessible only to authorized personnel with the minimum necessary access.
• Never stored in application logs, analytics, or error-tracking systems.
• Subject to mandatory FIDO2/TOTP multi-factor authentication for portal access.
To request a BAA, contact us at support@obgynbillingpro.com.
4. Third-Party Vendors
We work with the following vendors that may process data on our behalf:
• AWS (S3, RDS) — Cloud storage and database (HIPAA-eligible, BAA signed)
• Resend — Transactional email (BAA-covered)
• Vercel — Hosting platform (BAA available)
• PostHog — Product analytics (no PHI transmitted)
• Sentry — Error tracking (no PHI in error payloads)
All vendors with access to ePHI are required to sign a BAA prior to go-live.
5. Data Retention
• Lead and contact form data: retained for 2 years from last contact.
• Portal data and documents: retained per the terms of your service agreement, minimum 6 years per HIPAA record retention requirements.
• Audit logs: 90-day hot storage, then archived to S3 Glacier for 6 years.
• Analytics data: retained for 24 months.
You may request deletion of your personal data (excluding data we are legally required to retain) by contacting us.
6. Your Rights
You have the right to:
• Access the personal information we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data where legally permissible.
• Opt out of marketing communications at any time by clicking "Unsubscribe" or contacting us.
• Exercise your rights under HIPAA with respect to PHI, including the right to access and amend your health information. Contact your covered entity (your OB/GYN practice) to exercise these rights.
7. Cookies & Tracking
We use first-party cookies for session management and analytics. We do not use third-party advertising cookies. You can control cookie preferences through your browser settings.
Analytics: We use PostHog for product analytics. PostHog does not receive any PHI. You can opt out of analytics by enabling "Do Not Track" in your browser.
8. Security
We implement administrative, technical, and physical safeguards to protect your information. These include AES-256 encryption, TLS 1.3+, phishing-resistant MFA, role-based access control, and immutable audit logging. See our HIPAA Compliance page for full technical details.
Despite our safeguards, no internet transmission is completely secure. If you believe your information has been compromised, contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email to active clients and posted on this page with an updated effective date. Continued use of our services after such changes constitutes acceptance of the updated policy.
10. Contact Us
For privacy-related inquiries:
Email: support@obgynbillingpro.com
Phone: +923447864656
OBGYNBillingPro
United States