1. Information We Collect
We collect information that you provide directly to us, including:
- Account Information: Name, email address, phone number, professional credentials, and practice details when you create an account.
- Patient Data: Medical records, appointment history, prescriptions, and clinical notes entered into the platform by authorized healthcare providers.
- Usage Data: Information about how you interact with our services, including log data, device information, and browser type.
- Payment Information: Billing details processed securely through our third-party payment providers. We do not store full credit card numbers on our servers.
- Communications: Records of your interactions with our support team, including emails and chat logs.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our medical practice management services.
- Process transactions and send related information, including confirmations and invoices.
- Send technical notices, updates, security alerts, and administrative messages.
- Respond to your comments, questions, and customer service requests.
- Monitor and analyze trends, usage, and activities in connection with our services.
- Detect, investigate, and prevent fraudulent transactions and other illegal activities.
- Personalize and improve your experience with the platform.
3. Data Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
- With Your Consent: We may share information when you direct us to do so.
- Service Providers: We share data with third-party vendors who assist in operating our platform (e.g., hosting, analytics, payment processing), all bound by strict confidentiality agreements.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
- Aggregated Data: For research and analytics purposes, we may share anonymized, aggregated data that cannot identify individuals.
4. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Access Controls: Role-based access controls ensure that only authorized personnel can access sensitive data.
- Audit Logging: All access to patient data is logged and monitored for compliance.
- Regular Assessments: We conduct regular security audits and vulnerability assessments.
- Incident Response: We maintain a comprehensive incident response plan and will notify affected users promptly in the event of a data breach.
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services:
- Account Data: Retained for the duration of your subscription and for 30 days after account closure.
- Patient Records: Retained according to applicable healthcare regulations, typically a minimum of 7 years after the last patient encounter.
- Usage Logs: Retained for up to 12 months for analytics and security purposes.
- Backup Data: Encrypted backups are retained for 90 days for disaster recovery.
You may request deletion of your data at any time, subject to legal and regulatory retention requirements.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your data, subject to legal retention requirements.
- Portability: Request your data in a portable, machine-readable format.
- Opt-Out: Opt out of marketing communications at any time.
- Restrict Processing: Request that we limit how we use your data.
To exercise any of these rights, please contact us at privacy@galy.io.
9. Children's Privacy
Galy is not designed for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will take steps to delete such information promptly.
Pediatric patient data entered by authorized healthcare providers is subject to all applicable HIPAA protections and the privacy safeguards described in this policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website with a new effective date.
- Sending an email notification to the address associated with your account.
- Displaying a prominent notice within the application.
Your continued use of Galy after changes become effective constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@galy.io
- Mail: Galy., 123 Health Street, Suite 400, San Francisco, CA 94102
- Phone: +1 (555) 123-4567
- Data Protection Officer: dpo@galy.io