Privacy Policy

Account Information: When you sign in, we collect your name, email address, and profile image from your Google account or via email-based authentication. We do not collect or store your Google password.

Client / Patient Data: Our Service processes Protected Health Information (PHI) submitted through intake forms on behalf of your organization. This data is entered by clients or their guardians and includes demographic information, insurance details, medical history, and clinical assessments.

Usage Data: We collect standard server logs including IP addresses, browser type, and timestamps for security and audit purposes as required by HIPAA.

• To authenticate your identity and provide access to the Service
• To process and display intake form data for your organization
• To maintain audit logs for HIPAA compliance
• To sync data with authorized third-party systems (e.g., your organization’s EMR, CRM, or document storage) as configured by your administrator
• To improve the reliability and security of the Service

All data is stored on Google Cloud Platform infrastructure located in the United States. We employ industry-standard security measures including:

• Encryption in transit (TLS/HTTPS) and at rest
• Role-based access controls limiting data visibility to authorized users within each organization
• Multi-tenant data isolation — each organization’s data is logically separated
• Comprehensive audit logging of all data access and modifications
• Session expiration after 8 hours of inactivity

AuthReady™ is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We maintain a Business Associate Agreement (BAA) with Google Cloud for our hosting infrastructure. We process PHI only as directed by covered entities (your organization) and in accordance with applicable BAAs.

We do not sell, rent, or share your personal information or PHI with third parties for marketing purposes. We may share data only:

• With third-party services your organization has configured — solely to provide the Service
• As required by law, regulation, or legal process
• To protect the rights, safety, or property of AuthReady™, our users, or the public

We retain your account information and associated data for as long as your organization maintains an active subscription. Upon termination, we retain all data as required by law or requested by your organization.

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete your personal information
• Request a copy of data we hold about you
• Withdraw consent for data processing

For PHI-related requests, please contact your organization’s administrator, who can coordinate with us to fulfill your request.

When you sign in with Google, we request access to your basic profile information (name, email, and profile picture) solely for authentication purposes. We do not request access to your Google Drive, Gmail, Calendar, or any other Google services through your personal account.

We use essential cookies to maintain your authenticated session. We do not use advertising cookies or third-party tracking cookies.

We may update this Privacy Policy from time to time. We will notify affected organizations of material changes via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us at:

AuthReady™
Email: contact@intake2treatment.com