1. Information We Collect

We collect information you provide directly, including your name, email address, practice name, NPI number, specialty, state, team size, and job title when you create an account. We also collect team member information (names, emails, roles) when you invite staff. Usage data such as pages viewed, features used, and compliance module interactions is collected automatically. Payment information is processed securely through Stripe; we do not store full credit card numbers.

2. How We Use Your Information

We use your information to provide and improve the GuardWell Compliance platform, send compliance reminders and notifications, process payments, generate AI-powered compliance content tailored to your practice, and communicate product updates. We do not sell your personal information to third parties. We do not use your compliance data to train AI models without your explicit consent.

3. Cookies and Tracking

We use session cookies for authentication, Firebase Auth tokens (localStorage) for secure login, and preference cookies for remembering your settings. We do not use tracking cookies for advertising purposes and do not participate in third-party ad networks.

4. Third-Party Service Providers

We share information with trusted providers to operate the Service: Firebase Authentication (identity management), Stripe (payments), Google Cloud SQL (database), Anthropic Claude AI (content generation), Google Cloud Run and Storage (hosting and files), and Resend (email delivery). All data is stored within the United States. A complete sub-processor list is maintained in our Data Processing Agreement.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, multi-factor authentication, audit logging, and regular security assessments. All data is stored in SOC 2 Type II certified Google Cloud infrastructure within the United States.

6. Data Breach Notification

In the event of a data breach, we will notify affected customers without unreasonable delay and in no case later than 72 hours after becoming aware of the breach. Notifications will include a description of the breach, categories of data affected, likely consequences, and measures taken. Where a BAA is in place, we will cooperate with HIPAA breach notification requirements.

7. HIPAA Compliance

GuardWell Compliance is designed to help healthcare practices meet their compliance obligations. We will enter into a Business Associate Agreement (BAA) with covered entities as required by HIPAA. You can review and accept our BAA at app.gwcomp.com/settings/baa or contact us at support@gwcomp.com.

8. Data Retention and Deletion

We retain your data for as long as your account is active. Upon cancellation, data is retained for 30 days for reactivation or export, then permanently deleted. You may request immediate deletion at any time by contacting support. Deletion requests are processed within 30 days.

9. Data Portability

You have the right to export your compliance data in machine-readable formats (CSV, JSON) through self-service in your account settings or by contacting support. We will provide your data within 30 days of the request.

10. Your Rights

You have the right to access, correct, delete, and export your personal data. You may restrict or object to processing in certain circumstances. You may opt out of marketing communications at any time. California residents have additional rights under the CCPA, including the right to know and the right to delete. We do not sell personal information. To exercise these rights, contact us at privacy@gwcomp.com.

11. Complete Privacy Policy

The complete and authoritative version of our Privacy Policy is available at app.gwcomp.com/privacy. In the event of any discrepancy between this summary and the full Privacy Policy, the full version shall prevail. See also our Data Processing Agreement for detailed information about how we process data on your behalf.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:
General: support@gwcomp.com
Privacy requests: privacy@gwcomp.com
Company: Noorros, LLC dba GuardWell Compliance