Privacy Policy

Effective Date: January 14, 2024

At The Del Mar Code Company LLC (dba Sord) (“Company,” “we,” “our,” or “us”), we are committed to protecting your privacy and ensuring the security of your personal and healthcare-related information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our healthcare SaaS platform (“Platform”) provided through our website at www.sord.co (the “Site”).

Please note: This Privacy Policy provides general information about our data practices. However, if you have entered into a separate negotiated contract with The Del Mar Code Company LLC (dba Sord), including but not limited to a Business Associate Agreement (BAA) or an Information Security Agreement, the terms of those agreements will take precedence over the terms outlined in this Privacy Policy, particularly regarding HIPAA compliance and the handling of protected health information (PHI).

By using our Platform, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this Policy, please do not use our Platform.

1. Information We Collect

a. Personal Information

We collect personal information that you voluntarily provide to us when you register for an account, use our Platform, or communicate with us. This information may include:

• Contact Information: Full name, email address, phone number, and mailing address.
• Professional Information: Credentials, employer information, and job title.
• Account Information: Username, password, and security questions.

b. Healthcare Information

As a healthcare SaaS platform, we may collect and process protected health information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). This information may include:

• Patient Data: Medical records, treatment information, and other healthcare-related data provided by you or your organization.

c. Technical Information

When you access our Site or Platform, we automatically collect certain technical information, including:

• Device Information: IP address, browser type, operating system, and device identifiers.
• Usage Data: Pages visited, time spent on the Platform, and other usage patterns.

d. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Site and to analyze usage patterns. For more information, please review our Cookie Policy.

2. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing Services: To operate, maintain, and improve our Platform and to deliver the services you request.
• Account Management: To create and manage your account, including authentication and security.
• Communication: To communicate with you about your account, respond to inquiries, and provide support.
• Compliance: To ensure compliance with legal obligations, including HIPAA and other applicable regulations.
• Analytics: To analyze usage patterns and improve our Platform’s performance and user experience.

3. How We Share Your Information

We do not sell your personal or healthcare information to third parties. However, we may share your information in the following circumstances:

• With Your Consent: We may share information when you have given us explicit consent to do so.
• With Service Providers: We may share information with third-party service providers who assist us in operating our Platform, subject to strict confidentiality agreements.
• For Legal Compliance: We may disclose information if required by law, regulation, or legal process, including to comply with HIPAA regulations. Where applicable, such disclosures will be made in accordance with any relevant Business Associate Agreement (BAA) or Information Security Agreement.
• In Business Transfers: If we undergo a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

4. How We Protect Your Information

We implement a variety of security measures to protect your personal and healthcare information, including:

• Encryption: Data is encrypted in transit and at rest to ensure its confidentiality.
• Access Controls: Access to information is restricted to authorized personnel who require it to perform their job functions.
• Auditing and Monitoring: We regularly audit our systems and practices to ensure compliance with security standards and regulations.

5. Your Rights and Choices

a. Access and Correction

You have the right to access and correct your personal information. You can update your account information through the Platform or by contacting us directly.

b. Data Portability

Where applicable, you may request a copy of your personal data in a machine-readable format.

c. Data Deletion

You may request the deletion of your personal information, subject to any legal obligations or retention requirements. Note that specific terms regarding data deletion may be governed by any applicable Business Associate Agreement (BAA) or Information Security Agreement.

d. Opt-Out

You may opt-out of receiving promotional communications from us by following the unsubscribe instructions provided in those communications. Please note that you may still receive non-promotional communications related to your account or our services.

e. California Residents’ Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include the right to know what personal information we collect about you, the right to request deletion of your personal information, the right to opt out of the sale of your personal information, and the right to non-discrimination for exercising these rights. To exercise these rights, please contact us using the information provided below.

6. Children’s Privacy

Our Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

7. International Data Transfers

Our Platform is intended for use by individuals within the United States. We do not permit access to our Platform from outside the United States to ensure compliance with HIPAA regulations. If you are located outside of the United States and attempt to access our Platform, please be aware that your information will be processed in accordance with U.S. laws, which may not offer the same level of protection as the laws in your country.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable state and federal laws. For California residents, this includes the California Data Breach Notification Law. We will also comply with the notification requirements of any applicable Business Associate Agreement (BAA) or Information Security Agreement.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated to you through the Platform or via email. Continued use of the Platform after such changes indicates your acceptance of the updated Policy. In the event of any conflict between this Privacy Policy and the terms of a negotiated contract, including a Business Associate Agreement (BAA) or Information Security Agreement, the terms of the negotiated contract will take precedence.

10. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights under applicable privacy laws, please contact us at: