Privacy Policy
Last Updated: June 29, 2025
This Privacy Policy describes how Plusana ("Plusana", "we", "us", or "our") collects, uses, and discloses your information in connection with your use of our website and services (the "Service").
1. Information We Collect
We collect information in the following ways:
- Information from Practitioners: When you create an account, we collect your name, email address, payment information, and other account details.
- Information about Patients (PHI): As a Practitioner, you provide information about your patients, including their name and phone number, and you create questions and collect responses related to their health. This information is considered Protected Health Information (PHI) under HIPAA. We act as a Business Associate to process this data on your behalf.
- Information from Website Visitors: We collect information automatically through cookies and analytics tools, such as your IP address, browser type, and usage patterns. This helps us improve our Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain our Service.
- Process your subscription payments.
- Communicate with you, including for customer support and service updates.
- Monitor and analyze usage to improve and personalize the Service.
- Comply with legal obligations, including our duties under HIPAA.
3. How We Share Your Information
We do not sell your personal information or PHI. We may share information with third-party service providers (subprocessors) who help us operate our Service, such as:
- Cloud Hosting Providers: (e.g., Google Cloud, AWS) for data storage. All providers are HIPAA-compliant.
- Payment Processors: (e.g., Stripe) to handle subscription payments.
- Communication Platforms: (e.g., Meta/WhatsApp) to deliver messages to patients on your behalf.
We have agreements with these providers to ensure they protect your data and use it only for the services they provide to us.
4. Data Security
We implement robust technical and administrative safeguards designed to protect the security, confidentiality, and integrity of your data. This includes encryption of data in transit (using TLS) and at rest, as well as strict access controls.
5. Data Retention
We retain your account information for as long as your account is active or as needed to provide you with the Service. We retain patient data according to your instructions or until you delete the patient's record. Upon account termination, we will delete your data in accordance with our data retention policies and legal obligations.
6. Your Data Protection Rights (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights, including the right to access, correct, update, or request deletion of your personal information. Please contact us to exercise these rights.
7. Children's Privacy
Our Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us at wm.hass@gmail.com.