How we handle
your information.

Information you give us

• Contact form submissions. Name, agency name, email, phone (optional), practice size, monthly net collections range, your pain point, and preferred contact time.
• Email correspondence. Anything you send to [email protected].
• Engagement data. If you become a client, the information necessary to deliver our services under a Business Associate Agreement.

Information collected automatically

• Usage analytics. Cookie-less, privacy-respecting analytics (Vercel Analytics or Plausible) to count page visits and referrers. No personal identifiers stored. We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any third-party advertising tracker.
• Server logs. Standard request logs (IP address, user agent, request path) retained for up to 30 days for security and abuse prevention.

Cookies

The marketing site does not set non-essential cookies. If we add features that require cookies later (a Calendly embed, a login flow), you will be asked to consent first.

• To respond to your inquiry and follow up where you've asked us to.
• To deliver the services you've engaged us for under a written agreement.
• To improve the site, fix bugs, and prevent abuse.
• To comply with legal obligations.

We do not sell or rent personal information. We do not use your inquiry data for advertising. We do not feed it to AI model training.

• Service providers we use to operate the site and our business (email delivery, cloud hosting, analytics). They process data on our behalf under contract.
• HIPAA-covered clients, where the information relates to services we deliver on their behalf.
• Law enforcement or regulators, where legally required.

When Cleared RCM provides revenue cycle services to a healthcare provider client, we operate as a HIPAA Business Associate of that client.

• We execute a written Business Associate Agreement ("BAA") before any PHI is exchanged.
• PHI is processed only on the client's lawful instructions, and only for the services they've engaged us to perform.
• PHI is stored on encrypted, access-controlled infrastructure in the United States. Access is role-based, audited, and limited to personnel who need it for the engagement.
• We do not sell, monetize, or use PHI for marketing.
• Breach notification and incident response follow the HIPAA Breach Notification Rule and the terms of the applicable BAA.

If you are a patient or family member of a Cleared RCM client and have questions about your information, please contact the provider directly. They are the HIPAA Covered Entity for your records. We will support them in responding to any valid request.

Read our full HIPAA page →

Inquiry data submitted through the contact form or email is retained for as long as the inquiry is active and for a reasonable period afterward (typically 24 months) for follow-up. PHI processed under a BAA is retained, returned, or destroyed per that BAA and applicable law.

Depending on where you live, you may have rights to access, correct, delete, or restrict use of your personal information. To exercise any of these, email [email protected]. We'll respond within a reasonable timeframe and no later than required by applicable law.

We follow recognized security practices: encryption in transit (TLS), encryption at rest, role-based access control, multi-factor authentication, and routine review of administrative access. No system is perfectly secure, and we won't pretend otherwise. We treat data carefully and respond promptly to issues.

Our website is intended for healthcare professionals and business contacts. It is not directed to children under 13, and we don't knowingly collect personal information from children through this site.

We may update this notice from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be flagged on this page.