Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you:

• Contact us: Name, email address, phone number, company name, and message content
• Register for services: Account credentials, business information, contact details
• Use our services: Healthcare data, integration settings, system configurations
• Communicate via SMS: Mobile phone number, message content, opt-in preferences
• Subscribe to updates: Email address, communication preferences

1.2 Information Automatically Collected

When you access our website or services, we may automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referring URLs
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies
• Log Data: Access times, error logs, performance data

1.3 Protected Health Information (PHI)

For healthcare clients, we may process Protected Health Information (PHI) as defined under HIPAA. PHI is handled with the highest security standards and in compliance with all applicable healthcare privacy regulations.

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Provide, maintain, and improve our healthcare integration services
• Communication: Send service notifications, alerts, updates, and respond to inquiries
• SMS Messaging: Deliver appointment reminders, diagnostic results, system alerts (with your consent)
• Technical Operations: Monitor system performance, troubleshoot issues, ensure security
• Analytics: Understand usage patterns, improve user experience, optimize services
• Compliance: Meet legal obligations, enforce terms, protect rights and safety
• Business Operations: Process payments, manage accounts, provide customer support

3. SMS and Communication Services

3.1 SMS Consent and Opt-Out

By providing your mobile number and opting into SMS services, you consent to receive automated messages. You can opt-out at any time by replying STOP to any message or contacting us directly. We respect your communication preferences and do not sell or share your mobile number for marketing purposes.

3.2 SMS Data Security

SMS messages containing sensitive healthcare information are transmitted securely and in compliance with HIPAA regulations where applicable. Third-party SMS providers are selected based on their security certifications and compliance standards.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our services, including:

• Twilio: SMS and communication delivery
• Cloud Hosting: Infrastructure and data storage providers
• Analytics: Website and service usage analytics
• Payment Processors: Secure payment processing

All service providers are contractually obligated to protect your information and use it only for authorized purposes.

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.3 Legal Requirements

We may disclose information when required by law, court order, subpoena, or to protect our rights, property, safety, or the rights of others.

4.4 Healthcare Partners

For integrated healthcare services, we may share information with authorized healthcare providers, laboratories, and diagnostic facilities as necessary for service delivery, always in compliance with HIPAA.

5. HIPAA Compliance

Greywind is committed to HIPAA compliance for all healthcare-related services. We implement appropriate administrative, technical, and physical safeguards to protect PHI. Business Associate Agreements (BAAs) are established with all covered entities and subcontractors who handle PHI.

Key HIPAA protections include:

• End-to-end encryption for data transmission
• Secure data storage with access controls
• Regular security audits and risk assessments
• Employee training on privacy and security
• Incident response and breach notification procedures

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: SSL/TLS encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access, multi-factor authentication, least privilege principles
• Network Security: Firewalls, intrusion detection, regular security updates
• Monitoring: 24/7 security monitoring, automated threat detection
• Incident Response: Documented procedures for security incidents and data breaches

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but maintain commercially reasonable safeguards.

7. Data Retention

We retain your information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods vary by data type:

• Account Data: Retained while account is active plus 7 years after closure
• Healthcare Data: Retained according to HIPAA requirements (minimum 6 years)
• Communication Records: Retained for 3 years for quality and compliance purposes
• Analytics Data: Anonymized and retained for service improvement

8. Your Privacy Rights

You have the following rights regarding your personal information:

8.1 Access and Portability

You may request a copy of your personal information in a structured, commonly used format.

8.2 Correction

You may request correction of inaccurate or incomplete personal information.

8.3 Deletion

You may request deletion of your personal information, subject to legal retention requirements.

8.4 Opt-Out

You may opt-out of marketing communications, SMS messages, and certain data collection activities.

8.5 HIPAA Rights

For PHI, you have additional HIPAA rights including the right to request an accounting of disclosures and to request restrictions on certain uses.

To exercise these rights, contact us at hello@greywind.tech.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our services. You can control cookie preferences through your browser settings. Note that disabling cookies may limit some functionality.

Types of Cookies We Use:

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Analytics and performance monitoring
• Functional Cookies: Remember your preferences and settings

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will promptly delete it.

12. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where we or our service providers operate. We ensure appropriate safeguards are in place for international transfers.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to deletion, and the right to opt-out of the sale of personal information. We do not sell personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a new effective date. Continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: