Privacy Policy
Last revised: April 26, 2026
Scope: This Privacy Policy applies exclusively to the marketing website at patient-protect.com. The Patient Protect compliance platform at hipaa-port.com is governed by a separate Privacy Policy, Business Associate Agreement (BAA), and Customer Terms available upon registration.
Our Commitment
We are a security and privacy company. That means our standard for how we handle your information on this website should be higher than the standard we recommend to our customers. We do not track you across the internet for advertising auctions. We do not sell or rent your personal information. We limit what we collect, we tell you exactly what we use it for, and we retain it only as long as we need to. What follows is the formal policy.
Patient Protect LLC (“Patient Protect,” “we,” “us”) operates this website to provide information about HIPAA compliance, healthcare security intelligence, and our platform services. This Privacy Policy describes the information we collect through patient-protect.com, how we use it, and your choices.
1. Information We Collect
1.1 Information You Provide
When you interact with our website, you may voluntarily provide:
- Contact forms: Name, email address, practice name, and message content.
- Newsletter signup: Email address.
- Free tool usage: Name, email address, practice name, and assessment responses (e.g., risk assessment answers, compliance readiness inputs, ePHI data flow selections). These inputs are used to generate your results and are not retained beyond the session unless you provide your email to receive them.
- Ask PIPAA (AI assistant): Text queries you submit. Do not include Protected Health Information (PHI) or personally identifiable information in queries. Automated pattern-based redaction is applied as a safeguard, but it is not a substitute for user caution. You are responsible for the content you submit. Queries are processed in real time and are not stored after your session ends.
- Job applications: Name, email, phone, LinkedIn URL, resume, and cover letter.
1.2 Information Collected Automatically
When you visit our website, we may automatically collect:
- Browser type and version
- Device type and operating system
- IP address
- Pages viewed, time on page, and navigation path
- Referring URL
- Visitor persona selections, if you answer an on-site audience prompt
- Approximate geographic location (country level, used for access control — see Section 7)
1.3 Information We Do Not Collect
This marketing website does not collect sensitive personal information categories including precise geolocation, biometric data, health information, genetic data, or financial account numbers. No Protected Health Information (PHI) is collected, processed, or stored on patient-protect.com.
2. How We Use Your Information
We use collected information to:
- Respond to inquiries and form submissions
- Deliver newsletter content you subscribed to
- Generate free tool results (risk scores, compliance assessments, data flow maps)
- Process Ask PIPAA AI assistant queries
- Analyze website traffic and improve our content
- Understand broad visitor segments and route content appropriately
- Detect and prevent abuse, scraping, and unauthorized access
- Comply with legal obligations
We do not sell personal information for monetary consideration. We may share limited personal information with advertising partners (Google Ads) for conversion measurement and advertising purposes, which may constitute “sharing” under California law. You may opt out by declining advertising cookies via our consent notice or by sending a Global Privacy Control signal.
Free tool outputs (risk scores, readiness assessments, compliance checklists) are informational only and do not constitute automated decisions with legal or similarly significant effects.
3. Third-Party Service Providers
We use the following third-party services to operate this website. Each processes data only as necessary to provide its service:
- Google Analytics 4 (GA4): Website traffic analysis. You may opt out by declining cookies in our notice. Google Privacy Policy.
- Google Ads: Conversion tracking for advertising campaigns. You may opt out by declining cookies in our notice.
- Google Tag Manager: Tag management for analytics. Does not access personal data directly.
- Netlify: Website hosting, form processing, and serverless functions. Netlify Privacy Policy.
- Anthropic: AI processing for the Ask PIPAA compliance assistant. Queries are processed through Anthropic's commercial API under terms that prohibit use of customer inputs for model training. Anthropic Privacy Policy.
- Buttondown: Newsletter delivery and subscriber management.
- Web3Forms: Contact form and lead capture submission processing.
All data is processed in the United States.
4. Cookies
We use the following categories of cookies:
- Essential cookies: Required for site functionality (session management, security, consent preferences). These cannot be disabled.
- Analytics cookies (Google Analytics): Measure site traffic and behavior. Disabled if you decline cookies via our notice.
- Advertising cookies (Google Ads): Track advertising conversions. Disabled if you decline cookies.
You may opt out of analytics and advertising cookies by declining cookies via our consent notice, adjusting your browser settings, or installing the Google Analytics Opt-out Browser Add-on.
5. Data Retention
- Form submissions: Retained for up to 24 months for business development, then deleted.
- Newsletter subscriptions: Retained until you unsubscribe.
- Free tool inputs: Processed in your browser session. Assessment results submitted via email gate are retained for up to 24 months.
- AI assistant queries: Not stored after your session ends.
- Analytics data: Retained per Google's standard retention settings (14 months).
- Visitor persona logs: Retained in limited form for audience analysis and abuse prevention.
- Server logs: Retained for up to 90 days for security monitoring.
6. Your Rights and Choices
- Opt out of emails: Click “Unsubscribe” in any email, or email info@patient-protect.com.
- Opt out of cookies: Decline via our consent notice or adjust browser settings.
- Global Privacy Control: We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing of personal information for residents of states where such signals are legally recognized.
- Request data deletion: Email info@patient-protect.com with the subject “Data Deletion Request.” We will respond within 30 days.
- Request data export: Email info@patient-protect.com with the subject “Data Export Request.”
State Privacy Rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of sharing for cross-context behavioral advertising. Residents of other US states with comprehensive privacy laws — including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, and Oregon — may have similar rights to access, correct, delete, and port their personal information, and to opt out of certain processing. To exercise these rights, contact us at info@patient-protect.com.
7. Geographic Access Restrictions
Patient Protect is a US-based service for US healthcare providers. We use geographic detection (IP-based) to restrict access to this website from outside the United States. Visitors detected as originating from outside the US are redirected to a restricted access page. This restriction does not apply to search engine crawlers.
8. Security
We implement industry-standard security measures including TLS 1.3 encryption in transit, Content Security Policy headers, rate limiting, bot detection, and access controls. No method of electronic transmission is 100% secure, and we cannot guarantee absolute security.
9. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected individuals without undue delay and consistent with applicable state and federal law, and will report the breach to applicable regulatory authorities within the timelines those laws require.
10. Age Restrictions
This website is intended for licensed healthcare professionals and business users. It is not directed at minors, and we do not knowingly collect information from individuals under 18. If you believe we have collected such information, contact us immediately.
11. Links to Other Sites
This website contains links to third-party websites, including our platform at hipaa-port.com. Those sites are governed by their own privacy policies. We encourage you to review them.
12. Changes to This Policy
We may update this policy from time to time. The “Last revised” date at the top reflects the most recent version. Continued use of the website after changes constitutes acceptance.
13. Contact
For privacy questions or data requests:
Patient Protect LLC
411 S Sangamon St, Chicago, IL 60607
info@patient-protect.com
© 2026 Patient Protect LLC. All rights reserved.
