At OpenVisits, our mission is to provide healthcare providers with simple, robust, and secure electronic health record (EHR) solutions that improve practice efficiency and patient care outcomes. Privacy and security are fundamental to our mission and core values.

This Privacy Policy explains what information we collect from or about you, how we collect it, how we use it, who we share it with, and your choices regarding your information when you use our Services.

When we use terms like "OpenVisits," "we," "our," or "us," we are referring to OpenVisits, LLC and its affiliates. When we refer to "Services," we mean all of our products and services, including our website, mobile applications, cloud-based EHR platform, practice management systems, patient portals, communication services, and related healthcare technology solutions.

For information provided through our EHR platform and related clinical Services, we have entered into Business Associate Agreements and service agreements with our healthcare provider clients ("Providers") that govern our use of Protected Health Information. This Privacy Policy supplements those agreements.

Important Distinction: If you are a patient of a healthcare provider using our Services, this Privacy Policy does not govern our handling of your Protected Health Information (PHI). Our use of PHI is governed by our Business Associate Agreements with your healthcare provider and applicable laws, including HIPAA. Your provider's privacy practices govern their collection, use, and disclosure of your PHI. Please direct all questions about your medical information to your healthcare provider.

By using our Services, you consent to our collection, use, disclosure, and processing of your information as described in this Privacy Policy.

When you access and use our Services, we may collect the following types of information:

Personal Information

Personal Information is information that can identify, contact, or locate you. This includes your name, address, email address, phone number, professional credentials, medical specialty, employer information, billing and payment information, device information, and communications with us. Personal Information may include Location Information and Usage Data but does not include Protected Health Information, which is governed separately under HIPAA.

Location Information

Location Information is derived from GPS, Wi-Fi, IP addresses, or other location-indicating information from your device or internet connection when accessing our Services.

Usage Data

Usage Data includes information automatically collected about your use of our Services, such as IP addresses, device identifiers, browser information, operating system details, pages visited, features used, time stamps, and performance metrics. Usage Data is generally not Personal Information but may become so in certain circumstances.

Protected Health Information (PHI)

PHI is individually identifiable health information protected under HIPAA. Our handling of PHI is governed by Business Associate Agreements with healthcare providers and applicable healthcare privacy laws, not this Privacy Policy.

Biometric Information

When healthcare providers use voice-to-text or dictation features, voice recordings and voiceprints may be collected and processed to provide transcription services and improve our speech recognition capabilities.

We collect information in several ways:

Information You Provide

• When you register for or use our Services
• When you contact us for support, demos, or information
• When you subscribe to our services or create accounts
• When you attend our training sessions, webinars, or events
• When you apply for employment with us
• When you visit our facilities

Automatically Collected Information

We automatically collect Usage Data when you use our Services, including through cookies, log files, and similar technologies. With your permission, we may access device features like cameras for document scanning or other Service features.

Third-Party Sources

We may obtain information from publicly available sources, business directories, marketing partners, and other legitimate third-party sources to enhance our Services or communicate with potential clients.

Note: You are not required to provide Personal Information, but refusing to do so may limit our ability to provide certain Services or features.

We use your information for the following purposes:

Service Delivery

• Provide, maintain, and improve our EHR and healthcare technology Services
• Process subscriptions, payments, and billing
• Verify identity and manage user accounts
• Provide technical support and customer service
• Deliver training and onboarding services

Communication

• Send service-related notifications and updates
• Provide information about new features or services
• Send marketing communications (with opt-out options)
• Respond to inquiries and support requests

Service Enhancement

• Personalize user experience and interface preferences
• Analyze usage patterns to improve functionality
• Develop new features and services
• Ensure system security and prevent fraud

Legal and Business Purposes

• Comply with legal obligations and regulatory requirements
• Protect our rights, property, and security
• In connection with business transactions (mergers, acquisitions, etc.)
• Investigate and prevent fraud or unauthorized access

We may de-identify or aggregate information for analytics, research, and business intelligence purposes. Such de-identified information cannot be used to identify individuals and may be used for any lawful purpose.

We use various technologies to collect information and enhance your experience:

Cookies and Similar Technologies

We use cookies, session storage, and similar technologies to remember your preferences, analyze usage patterns, and provide personalized experiences. You can control cookie settings through your browser, though disabling cookies may affect Service functionality.

Analytics Tools

We use analytics services to understand how users interact with our Services, identify areas for improvement, and measure the effectiveness of our features.

Security Monitoring

We employ security monitoring tools to detect and prevent unauthorized access, ensure system integrity, and protect against cyber threats.

User Experience Tools

We may use session replay and user experience analysis tools to improve our interface design and identify usability issues, always in compliance with privacy requirements.

We may share your information in the following circumstances:

Service Delivery

• With healthcare providers when you are their patient using our Services
• With authorized users within your healthcare organization
• At your direction or with your explicit consent

Service Providers

We share information with trusted third-party service providers who assist us in operating our Services, such as cloud hosting providers, payment processors, customer support tools, and security services. These providers are contractually obligated to protect your information and use it only for specified purposes.

Business Partners

We may share information with business partners who provide complementary healthcare technology services or integrations with our platform, always with appropriate data protection agreements in place.

Legal Requirements

We may disclose information when required by law, regulation, court order, or government request, or when necessary to protect our rights, prevent fraud, or ensure safety.

Business Transactions

In the event of a merger, acquisition, sale of assets, or similar business transaction, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Note: We do not sell Personal Information to third parties for their marketing purposes. Any sharing is limited to legitimate business purposes and service delivery.

You have several choices regarding your information:

Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in our communications or by contacting us at info@openvisits.com. Note that you may still receive service-related communications even after opting out of marketing.

Account Information

You can update your account information and preferences through your user dashboard or by contacting our support team.

Device Permissions

You can control mobile app permissions for features like camera access, location services, and push notifications through your device settings.

Cookies and Tracking

You can manage cookie preferences through your browser settings, though this may affect some Service functionality.

Data Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information. Contact us to exercise these rights, and we will respond within the timeframes required by applicable law.

If you use voice-to-text or dictation features in our Services, your voice recordings and voiceprints may be collected and processed by our speech recognition service providers.

This biometric information is used to:

• Provide accurate speech-to-text transcription
• Improve dictation accuracy and performance
• Enhance voice recognition capabilities

By using voice features, you acknowledge that biometric data may be collected and processed as described. Biometric data is subject to additional legal protections in certain jurisdictions and is handled according to applicable biometric privacy laws.

Your healthcare provider's use of voice features and any resulting biometric data is governed by their own privacy policies and agreements with you.

Residents of certain U.S. states have additional privacy rights under state laws such as the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), and similar legislation.

These rights may include:

• Right to know what personal information we collect and how we use it
• Right to delete personal information we have collected
• Right to correct inaccurate personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, please contact us using the information provided in the Contact section. We will verify your identity and respond to your request within the timeframes required by applicable law.

Note that certain information may be exempt from these rights, such as information necessary to provide healthcare services or comply with legal obligations.

Our Services are intended for use by healthcare professionals and adults. We do not knowingly collect personal information from children under 13 years of age except as necessary to provide healthcare services through our provider clients.

When healthcare providers use our Services to treat pediatric patients, any protected health information is collected and processed under HIPAA and applicable healthcare privacy laws, not under this Privacy Policy.

If we learn that we have collected personal information from a child under 13 outside of the healthcare context, we will delete that information promptly. Parents or guardians with concerns about their child's information should contact us immediately.

Protecting your information is a top priority. We implement comprehensive security measures including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee security training and background checks
• Network security monitoring and intrusion detection
• Secure cloud infrastructure with reputable providers
• Regular backup and disaster recovery procedures

Our security practices comply with healthcare industry standards including HIPAA Security Rule requirements when handling protected health information.

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of information transmitted over the internet or stored on our systems. We encourage you to use strong passwords and follow security best practices when using our Services.

If you suspect unauthorized access to your account or have security concerns, please contact us immediately.

Our Services are intended for use within the United States and are designed to comply with U.S. healthcare regulations including HIPAA.

If you access our Services from outside the United States:

• Any information you provide will be transferred to and processed in the United States
• Your use of our Services constitutes consent to this transfer and processing
• U.S. privacy laws will govern the handling of your information
• Your local privacy laws may not apply to your use of our Services

If you do not consent to the transfer and processing of your information in the United States, please do not use our Services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through our Services or by email (if you have provided an email address)
• Provide reasonable advance notice when possible

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with any changes, please discontinue use of our Services.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to privacy-related inquiries within 30 days of receipt, or as required by applicable law.