Privacy Policy

Last Updated: January 1, 2025

RevTechSquare, LLC ("RevTechSquare," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website revtechsquare.com (the "Site") or use our services. By accessing our Site or engaging our services, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect information in several ways when you interact with our Site or services:

Personal Information You Provide Directly:

• Contact Form Submissions: When you fill out our contact form, we collect your full name, email address, phone number, company or practice name, the service you are interested in, and the content of your message.
• Newsletter Subscriptions: When you subscribe to our newsletter, we collect your email address.
• Phone and Email Communications: When you call or email us, we may collect information you provide during the conversation, including your name, contact details, practice information, and the nature of your inquiry.

Information Collected Automatically:

• Device and Browser Information: We automatically collect your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and the date and time of your visit.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity. See the "Cookies and Tracking Technologies" section below for more details.
• Log Data: Our servers automatically record information ("log data") created by your use of the Site, which may include your IP address, browser type, the pages you visit, and other statistics.

Protected Health Information (PHI):

• In the course of providing our revenue cycle management, medical billing, and coding services, we may access, process, or store Protected Health Information as defined by HIPAA. Our handling of PHI is governed by our Business Associate Agreements (BAA) with our clients and by the provisions outlined in the HIPAA Compliance section of this policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our revenue cycle management, medical billing, coding, and other professional services.
• Communication: To respond to your inquiries, send you requested information, and communicate about our services, updates, and promotions.
• Lead Management: To manage and follow up on service inquiries submitted through our contact form.
• Newsletter: To send you periodic newsletters with industry insights, coding updates, and company news (only if you have opted in).
• Website Improvement: To analyze usage patterns, optimize our Site's performance, and improve user experience.
• Security: To detect, prevent, and address technical issues, fraud, and security concerns.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. HIPAA Compliance

As a provider of healthcare revenue cycle management services, RevTechSquare is committed to full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including the Privacy Rule, Security Rule, and Breach Notification Rule. Our HIPAA compliance program includes:

• Business Associate Agreements (BAA): We execute BAAs with all healthcare provider clients before accessing any Protected Health Information, establishing our obligations for safeguarding PHI.
• Administrative Safeguards: We maintain written policies and procedures for PHI handling, conduct regular risk assessments, designate a Privacy Officer and Security Officer, and provide mandatory HIPAA training to all employees at least annually.
• Physical Safeguards: Access to areas where PHI is processed is restricted to authorized personnel. Workstations and devices are physically secured, and we implement clean desk policies.
• Technical Safeguards: We use 256-bit AES encryption for data in transit and at rest, implement role-based access controls, maintain comprehensive audit logs, use multi-factor authentication for system access, and deploy firewalls, intrusion detection systems, and endpoint protection.
• Breach Notification: In the unlikely event of a data breach involving PHI, we will notify affected clients and individuals in accordance with HIPAA Breach Notification Rule requirements within the required timeframes.
• Minimum Necessary Standard: We limit access to PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

4. Data Security

We implement comprehensive security measures to protect your personal information and any PHI we process. These measures include but are not limited to:

• 256-bit AES encryption for all data in transit (TLS/SSL) and at rest
• Secure VPN connections for remote access to client systems
• Multi-factor authentication (MFA) for all system access
• Role-based access controls (RBAC) ensuring least-privilege principles
• Regular security audits, vulnerability assessments, and penetration testing
• Automated backup systems with encrypted off-site storage
• Comprehensive employee background checks prior to employment
• Firewall protection, intrusion detection, and endpoint security solutions
• Documented incident response plan with regular drills
• Physical security controls for all office locations

While we strive to protect your information using commercially reasonable methods, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we continuously evaluate and improve our security practices to mitigate risks.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your browsing experience. The types of cookies we use include:

• Essential Cookies: These cookies are necessary for the Site to function properly. They enable core functionality such as security, session management, and accessibility. You cannot opt out of essential cookies.
• Analytics Cookies: We may use third-party analytics services (such as Google Analytics) to collect information about how visitors use our Site. These cookies help us understand visitor behavior, popular pages, and areas for improvement. Analytics data is collected in aggregate and does not personally identify individual visitors.
• Preference Cookies: These cookies remember your preferences and settings, such as your cookie consent choice, to provide a more personalized experience on subsequent visits.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, if you disable essential cookies, some parts of our Site may not function properly. For more information about managing cookies, visit allaboutcookies.org.

6. Third-Party Services

We may use third-party services to support our Site and business operations, including:

• Google Analytics: For website traffic analysis and usage statistics. Google Analytics uses cookies to collect anonymous data about how visitors interact with our Site. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Google Fonts: For typography rendering. Google Fonts may collect your IP address when fonts are loaded from Google's servers.
• Content Delivery Networks (CDN): We use CDN services (such as jsDelivr and Cloudflare) to deliver CSS frameworks, JavaScript libraries, and font files efficiently. These services may log access information including IP addresses.
• Email Service Providers: We may use third-party email services to send newsletters and transactional emails. These providers process your email address in accordance with their own privacy policies.

We do not control the privacy practices of third-party services and recommend reviewing their privacy policies. We only engage third-party providers who demonstrate appropriate data protection practices.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Contact Form Submissions: Retained for the duration of our business relationship plus an additional period as required for legal and compliance purposes.
• Newsletter Subscriptions: Retained until you unsubscribe. Upon unsubscription, your email is removed from our active mailing list but may be retained in backup systems for a limited period.
• Website Analytics Data: Retained in accordance with the retention policies of the respective analytics platforms (typically 14-26 months for Google Analytics).
• Protected Health Information: Retained in accordance with HIPAA requirements and our Business Associate Agreements, typically for a minimum of six years from the date of creation or the last effective date, whichever is later.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete personal information.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions and retention requirements.
• Right to Opt-Out: You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any email or contacting us directly.
• Right to Restrict Processing: You may request that we limit how we process your personal information under certain circumstances.
• Right to Data Portability: You may request a copy of your personal information in a structured, machine-readable format.

To exercise any of these rights, please contact us using the information provided in the "Contact Us About Privacy" section below. We will respond to your request within 30 days.

California Residents: Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. RevTechSquare does not sell personal information.

9. Children's Privacy

Our Site is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: Info@revtechsquare.com
• Phone: (480) 953-8619
• Mail: RevTechSquare, LLC, Attn: Privacy Officer, 123 Business Avenue, Suite 100, City, State 00000

We take all privacy inquiries seriously and will respond within 30 days of receiving your request.