Privacy Policy
Last updated: January 2026
1. Introduction
xEHR ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare software platform.
2. Information We Collect
We collect information that you provide directly to us, including:
- Account information (name, email, organization)
- Practice information (NPI, address, specialty)
- Usage data and analytics
3. Protected Health Information (PHI)
As a healthcare software provider, we process PHI on behalf of covered entities (healthcare providers). Our handling of PHI is governed by the Health Insurance Portability and Accountability Act (HIPAA) and the Business Associate Agreement (BAA) we sign with each customer.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Respond to your comments and questions
- Comply with legal obligations
5. Data Security
We implement appropriate technical and organizational measures to protect your data, including AES-256 encryption, access controls, and regular security audits. See our Security page for details.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. PHI is retained according to applicable healthcare regulations and your organization's policies.
7. Your Rights
You have the right to access, correct, or delete your personal information. Healthcare providers control patient data access through the platform.
8. Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: privacy@xehr.io
Address: xEHR, Inc.